system from a message sender: There is determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to encryption and/or authentication aspect. The processed message is transmitted to a corresponding wireless mobile communication device. The system and method may include post-processing messages sent from a wireless mobile communications device to a remote system. Authentication and/or encryption message processing is performed upon the message. The processed message
System and Method for Compressing Secure E-Mail for Exchange with a Mobile Data Communication Device

CROSS-REFERENCE TO RELATED APPLICATION
This application claims priority from United States Provisional Applications S/N 60/297,681, filed on June 12, 2001, and S/N 60/365,535, filed on March 20, 2002. The complete disclosure of each of these provisional applications, including drawings, is hereby incorporated into this application by reference.

BACKGROUND OF THE INVENTION

Field of the Invention 

The present invention relates generally to secure electronic messaging and in particular to an advanced system and method of exchanging secure e-mail messages between a host system and a mobile communications device ("mobile device") via a wireless communications network operable with the mobile device.

Description of the Related Art

There are many known solutions for exchanging information between host systems and mobile devices. However, these systems tend to follow simple encoding methods for delivering a shortened version of the original message to the mobile device, especially when dealing with authentication and/or encryption. This limits the use of mobile devices in dealing with such messages.
Summary

In accordance with the teachings provided herein, a system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to encryption and/or authentication. The processed message is transmitted to a wireless mobile communication device that corresponds to the message receiver.

The system and method may include post-processing messages sent from a wireless mobile communications device to a remote system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the remote system to one or more receivers.

BRIEF DESCRIPTION OF THE DRAWINGS

Fig. 1 is a block diagram showing an overview of an environment in which a mobile device may be used.
Fig. 2 is an illustration of the main types of e-mail exchanges that are commonly used today in the Internet.
Fig. 3 is a block diagram illustrating the main components of a system supporting both secure and unsecure e-mail exchanges.
Fig. 4 is a block diagram which illustrates received encrypted message size reduction.
Fig. 5 is a block diagram illustrating received signed message size reduction.
Fig. 6 is a block diagram of a system in which the size of a signed message is reduced based on information stored at a mobile device.
Fig. 7 is a block diagram illustrating secure message size reduction for a received message that has been encrypted and then signed.
Fig. 8 is a block diagram illustrating secure message size reduction for a received message that has been signed and then encrypted.
Fig. 9 is a block diagram showing an encrypted message pre-processing system.
Fig. 10 is a block diagram of a signed message pre-processing system.
Fig. 11 is a block diagram illustrating secure message pre-processing for a received message that has been encrypted and then signed.
Fig. 12 is a block diagram illustrating secure message pre-processing for a received message that has been signed and then encrypted.
Figs. 13 and 14 show a flow chart illustrating a method for pre-processing signed, encrypted or signed and encrypted messages before sending them to a mobile device.
Fig. 15 is a flow chart of a method for post-processing signed or encrypted and then signed messages sent from a mobile device.
Fig. 16 is a flow chart of a method for post-processing encrypted or signed and then encrypted messages sent from a mobile device.
Fig. 17 is a block diagram of an exemplary wireless communication device that could be used with the systems and methods described herein.
Figs. 18 and 19 are block diagrams depicting processing of messages involving a mobile device.
Fig. 20 is a block diagram showing an example communication system.
Fig. 21 is a block diagram of an alternative example communication system.
Fig. 22 is a block diagram of another alternative communication system.



DETAILED DESCRIPTION

Supporting S/MIME, PGP and other e-mail security methods in a wireless environment is desired for a richer and secure e-mail experience for the corporate user of a mobile device accessing data stored at or associated with his corporate enterprise's computer system. The systems and methods described herein allow secure messaging methodologies to be used, for example, between corporate users and mobile devices. This 'extending' of corporate e-mail mailboxes to mobile devices has been made possible by the related United States Patent 6,219,694, titled "System and Method for Pushing Information from a Host System to a Mobile Data Communication Device Having a Shared Electronic Address," issued on April 4, 2001 (hereinafter referred to as the "'694 Patent"), which is incorporated in its entirety herein by reference. By using such a system as described in the '694 Patent, 'Internet' communicable or formatted e-mail may be sent or pushed to mobile devices to thereby provide richer and farther reaching security that extends what is available in the mobile communications industry today. In previous wireless e-mail solutions, the ability to adequately support security between different corporations was not possible. With the rise of secure e-mail between both corporate and private users, like the S/MIME and PGP standards, mobile device support for such secure e-mail methods is desired.

As used in this application, the term "host system" refers to one or more computers at, with or in association with which a wireless communications connector system (hereinafter referred to as the "wireless connector") is operating. In an embodiment, the host system is a server computer running within a corporate network environment operating behind and protected by at least one security firewall. The host system implements a wireless connector system as an associated wireless communications enabling component, which will normally be a software program/application/component built to work with at least one or more messaging servers, such as Microsoft™ Exchange or Lotus Domino™. The wireless connector system or software program is used to send and receive user-selected information to a mobile device, via a wireless network. Alternatively, the host system could be a user's desktop or laptop PC, also running within a corporate environment connected to a local-area network ("LAN"), or could be any other system that is in communication with a user's PC. Thus, a wireless connector system or software program may be server-based or PC-based, such that the host system may be a server computer, a desktop computer or a laptop computer.

A wireless connector system operating at a host system enables the user of a mobile device to send or mirror, via a wireless network, certain user-selected data items or parts of data items from the host system to the user's mobile device upon detecting that one or more triggering events has occurred. In the process of sending data items to the user's mobile device, there is special processing performed that enables the support of S/MIME or PGP encrypted messages. For one skilled in the art of S/MIME, it is well known that the size of an original e-mail message can be dramatically increased when S/MIME algorithms are applied to the message. By applying advanced filtering, re-organization and pre-processing on the message, the user can still receive such data items on a mobile device. In some situations, the user can have full control over S/MIME processing stages and can direct the host system as to which procedures it should perform on a message.

When wireless access to corporate data for a mobile device has been activated at the host system, for example when the host system detects the occurrence of a triggering event, the host system repackages received messages in a manner that is transparent to the mobile device, so that information sent to and received by the mobile device appears similar to the information as stored on and accessible at the host system. A triggering event includes, but is not limited to one or more of the following: a command sent from the mobile device or another computer to the host system to start sending one or more messages stored at the host system, activation of a screen saver application at the host system or a computer associated with the host system, etc. In addition to repackaging the information itself, the repackaging may also provide information about the message, for example whether or not the message was signed and whether or not the signature was verified. One preferred repackaging method includes wrapping received messages to be sent via the wireless network in an electronic envelope that corresponds to the wireless network address of the mobile device. Alternatively, other repackaging methods could be used with the system, such as special-purpose Transmission Control Protocol over Internet Protocol (TCP/IP) wrapping techniques. Such repackaging preferably also results in e-mail messages sent from the mobile device appearing to come from the host system even though they are initiated (i.e., composed and sent from) at the mobile device, thus enabling the mobile device user to appear to the intended recipient(s) of his messages to use and have a single e-mail address.

CA 02450601 2003-12-12 WO 02/101605 PCT/CA02/00889

In an alternative system and method, a wireless connector system operates in conjunction with a network server, and the server is programmed to detect numerous event triggers over the network from multiple user computers (such as desktop and notebook computers) coupled to the server via a Local Area Network (LAN). The server can detect internal event triggers from each of the user desktop computers via the network, and can also detect external event triggers, such as messages or commands from the users' mobile devices. In response to detecting one of these triggers, the server sends received messages to the proper mobile device. The messages and addressing information for a particular mobile device can be stored at a storage device at, coupled to or associated with the server or at a storage device at, coupled to or associated with the user's desktop or notebook computer connected to the LAN. Using this alternative configuration, one wireless connector system can serve a plurality of users. This alternative configuration could also include an internet- or intranet-based system that could be accessible through a secure webpage or other user interface. The wireless connector system could be located on an Internet Service Provider (ISP) system and accessible only or also through an Internet interface.

In another configuration, a wireless connector system operates at both a host system and at a user's mobile device. The user's mobile device then operates similarly to the host system, and is configured in a similar fashion to send certain user-selected data items from the mobile device to the host system (or possibly to some other destination) upon detecting a triggering event at the mobile device. This configuration provides two-way sending of information between the host system and the mobile device.

Fig. 1 is a block diagram showing an overview of an environment in which a mobile device may be used. One skilled in the art can appreciate that there could be many different topologies, but the one shown in Fig. 1 helps demonstrate how systems and methods may be implemented.

In Fig. 1, there is shown a corporate LAN 30 behind a security firewall 22 as an illustrative example of a central, server-based host system, typically referred to herein as a corporate LAN or host location. However, this does not restrict the host location from being a branch office, a home office or some other location where e-mail messages are being exchanged. As described above, the host system may instead be a desktop or laptop computer. Also shown is an e-mail sender 10, which could for example be an individual using an ISP account, a person within another company, a person in the same company within another branch office, or a user of an ASP (application service provider).
Within the corporate LAN 30 is a message server 40, running on a computer behind the firewall of the corporation, that acts as the main interface for the corporation to exchange electronic mail, calendaring data, voice mail, electronic documents, and other personal information management (PIM) data with a WAN 20, which would typically be the Internet. Two of the most common message servers 40 are Microsoft Exchange and Lotus Domino server products. These servers are often used in conjunction with Internet mail routers that typically use UNIX-based Sendmail protocols to route and deliver electronic mail. These intermediate steps and computers will be dependent upon the specific type of message delivery mechanisms and networks via which e-mail messages are exchanged, but have not been shown in Fig. 1 since they do not directly play a role in the operation of the systems and methods described herein. A message server 40 may extend beyond just e-mail sending and receiving, providing such functionality as dynamic database storage engines that have predefined database formats for data like calendars, todo lists, task lists, e-mail and documentation.

Within this typical corporate environment, a wireless connector system 45 as described briefly above may be operable in conjunction with the message server 40. The wireless connector system 45 may reside on the same computer as the message server 40, but this is not a requirement. The wireless connector system 45 and the message server 40 are designed to co-operate and interact to allow the pushing of information to mobile devices 100. In such an installation, the wireless connector system 45 is preferably configured to send confidential and non-confidential corporate information for each user that has a mobile device 100 through the corporate firewall 22, via a wireless network, to the user's mobile device 100. The wireless connector system 45 preferably employs a 'push-based' technique, a 'pull-based' technique or some combination thereof so that any e-mail system including a message server 40 could be extended. The user's mobile device 100 thereby has access to stored messages of the message server. Although the system is not directed solely to a 'push-based' technique, a more detailed description of such a redirection system may be found in the above referenced '694 Patent and in the following co-pending, and commonly-owned, United States Patent Applications, all of which are related to the '694 Patent: United States Patent Applications S/N 09/401,868, S/N 09/545,963, S/N 09/528,495, S/N 09/545,962, and S/N 09/649,755. The complete disclosure of each of these applications, including drawings and claims, is hereby incorporated into this application by reference. This push technique uses a wireless friendly encoding, compression and encryption technique to deliver all information to a mobile device, thus effectively extending the company firewall 22 to include the mobile devices 100.

As shown in Fig. 1, there are many alternative paths for getting information to a mobile device 100 from the corporate network 30. One possible transfer path for getting information to a mobile device 100, discussed later in this section, is through a physical connection 50 such as a serial port, using an interface or connector 65. This path may be useful for example for bulk information updates often performed at initialization of the system or periodically when a user of a mobile device 100 is working at a desktop computer system with the LAN 30, such as the host computer system 35. Although only one desktop computer system 35 is shown in Fig. 1, those skilled in the art will appreciate that a LAN will typically contain many desktop, notebook and laptop computer systems.

Another method for data exchange with a mobile device 100 is over-the-air using wireless networks. As shown in Fig. 1, this could involve a Wireless Virtual Private Network (VPN) router 75, if available in the network 30, or through a traditional Wide Area Network (WAN) connection to a wireless gateway 85 that provides an interface to one or more wireless networks such as 105 and 110. The concept of a Wireless VPN router 75 is new in the wireless industry and implies that a VPN connection could be established directly through a specific wireless network 110 to a wireless device 100. The possibility of using a Wireless VPN router 75 has only recently been available and could be used in conjunction with a static addressing scheme. For example, a wireless network such as 110 could be an IP-based wireless network in which the new IP Version 6 (IPV6) would provide enough IP addresses to dedicate an IP address to every mobile device 100 and thus make it possible to push information to a mobile device 100 at any time. A primary advantage of using a wireless VPN router 75 is that it could be an off-the-shelf VPN component, which would not require a separate wireless gateway 85. A VPN connection would most likely use a TCP/IP or User Datagram Protocol (UDP)/IP connection to deliver messages directly to a mobile device 100.

If a wireless VPN 75 is not available, then a link to a WAN 20, normally the Internet, is a commonly used connection mechanism. For one skilled in the art of wireless networks, the path for delivering wireless datagrams to mobile devices 100 is well known. To handle the addressing of the mobile device 100 and any other required interface functions, a wireless gateway 85 is preferably used. The wireless gateway 85 may also determine a most likely network for locating a given user and track users as they roam between countries or networks. In wireless networks such as 110 and 105, messages are normally delivered to and from mobile devices 100 via RF transmissions between base stations (not shown) and mobile devices 100.

Also shown in Fig. 1 is a composed e-mail message 15 leaving the e-mail sender 10, located somewhere on the WAN 20. This message 15 is fully in the clear and may use traditional Simple Mail Transfer Protocol (SMTP), RFC822 headers and MIME body parts to define the format of the mail message. These techniques are all well known to one in the art. In this environment, the message 15 arrives at the message server 40 and is forwarded by the wireless connector system 45 to a mobile device 100. As this takes place, the message is re-enveloped as indicated at 80 and a compression and encryption algorithm can be applied to the original message 15. In this way, messages being read on the mobile device 100 are no less secure than reading them on the desktop computer system 35. Preferably, all messages exchanged between the system 45 and the mobile device 100 use this message repackaging technique. Another goal of this outer envelope (although not required) is to maintain at least some of the addressing information of the original message 15. This allows reply messages to reach the appropriate destination, and it allows the "from" field to reflect the e-mail address of the mobile device user's electronic mailbox account at his desktop computer system 35. Using the user's desktop computer system e-mail address from the mobile device 100 allows the received message to appear as though the message originated from the user's electronic mailbox account at his desktop computer system 35 rather than the mobile device 100.

Turning back to the physical connection 50 to the mobile device 100, this connection path offers many advantages for enabling one-time data exchange of large items. For those skilled in the art of Personal Digital Assistants (PDAs) and data synchronization, Personal Information Management (PIM) data is commonly exchanged over such a connection, for example a serial port connected to an appropriate interface or connector 65 such as a cradle in or upon which the mobile device may be placed. When exchanged for the first time, the amount of PIM data tends to be relatively large and requires a large bandwidth for transfer to the mobile device 100. This physical connection 50 can also be used for other purposes, including transferring private security keys (hereinafter referred to as "private keys") such as a mobile device user's private key used in processing S/MIME messages, a user's digital Certificate (Cert) and any chained Certs, and CRL(s) from the user's desktop computer system 35 to the user's mobile device 100. For example, a private key may be generated by collecting cursor position information while a user moves a mouse or other input device coupled to the computer system 35. The private key may then be loaded onto the mobile device 100 through the physical connection 50 and the interface or connector 65.

The private key exchange allows a user's desktop computer system 35 and mobile device 100 to share at least one personality and a method for accessing all encrypted mail. The user's desktop computer system 35 and mobile device 100 can also thereby share private keys and thus either the host system 35 or mobile device 100 can process secure messages addressed to the user's electronic mailbox account or desktop computer system 35. The transfer of Certs and CRLs over such a physical connection 50 may be desirable in that they represent a large amount of the data that is required by a mobile device 100 for S/MIME, PGP and other public key security methods. A Cert is often part of a Cert chain, which includes a user's Cert as well as possibly other Certs to verify that the user's Cert is authentic. While verifying the signature on a signed message, the receiver of the message will also typically obtain a Cert chain for the signing Cert of the message and verify that each Cert in the chain was signed by the next Cert in the chain, until a Cert is found that was signed by a root Cert from a trusted source, perhaps from a large Public Key Server (PKS) associated with a Certificate Authority (CA) such as Verisign™ or Entrust™ for example, both prominent companies in the area of public key cryptography. Once such a root Cert is found, a signature can be trusted, since both the sender and receiver trust the source of the root Cert.
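The chain walk described above, as an added Go example that is not part of the patent or of any product it describes: three Certs (a root, an issuing CA and a user Cert, all names constructed) are built, and the receiver-side check is run once with the root trusted and once with no trusted root. Go's x509 verification does not consult CRLs, so the revocation check the text mentions would be a separate step.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var serial int64 // constructed serial numbers, unique within this example

// makeCert issues a Cert for name, signed by the parent; with a nil parent the
// Cert is self-signed, i.e. a root. The key usages chosen suit e-mail protection.
func makeCert(name string, isCA bool, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// VerifyChain is the receiver-side check of the text: starting from the signing
// Cert, each Cert must be signed by the next one in the chain until a Cert signed
// by a trusted root is reached. It returns the length of the chain that was built.
func VerifyChain(signing *x509.Certificate, chain, trustedRoots []*x509.Certificate) (int, error) {
	opts := x509.VerifyOptions{
		Roots:         x509.NewCertPool(), // empty pool: nothing is trusted by default
		Intermediates: x509.NewCertPool(),
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	for _, c := range trustedRoots {
		opts.Roots.AddCert(c)
	}
	for _, c := range chain {
		opts.Intermediates.AddCert(c)
	}
	chains, err := signing.Verify(opts)
	if err != nil {
		return 0, err
	}
	return len(chains[0]), nil
}

// BuildExampleChain constructs root -> issuing CA -> user Certs (names are made
// up for this example) and returns them in that order.
func BuildExampleChain() (*x509.Certificate, *x509.Certificate, *x509.Certificate, error) {
	root, rootKey, err := makeCert("Example Root CA", true, nil, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	issuing, issuingKey, err := makeCert("Example Issuing CA", true, root, rootKey)
	if err != nil {
		return nil, nil, nil, err
	}
	user, _, err := makeCert("user@example.com", false, issuing, issuingKey)
	return root, issuing, user, err
}

func main() {
	root, issuing, user, err := BuildExampleChain()
	if err != nil {
		panic(err)
	}
	n, err := VerifyChain(user, []*x509.Certificate{issuing}, []*x509.Certificate{root})
	fmt.Println("chain length:", n, "error:", err)
	// Without a trusted root the chain cannot be completed, so the signature must not be trusted.
	_, err = VerifyChain(user, []*x509.Certificate{issuing}, nil)
	fmt.Println("no trusted root:", err)
}
```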

It should be appreciated that the user's own Cert or Cert chain, as well as those for other users, may be loaded onto a mobile device 100 from the user's desktop computer system. If the user's Cert or Cert chain is on a mobile device 100, then it can be sent to recipients along with any secure messages composed on the mobile device 100 so that each recipient can verify a trust status of the Cert. A goal of loading other users' Certs onto a mobile device 100 is to allow a mobile device user to select other entities or users with whom they might be exchanging secure messages, and to pre-load the bulky information onto the mobile device 100 through a physical connection instead of over the air, thus saving time and wireless bandwidth when a secure message is received from or to be sent to such other users. Bulky information is generally any electronic data that has large byte sizes. Loading of CRLs on a mobile device may also allow a mobile device to determine the status of a received Cert.

Referring again to Fig. 1, there is normally a series of connections to wireless networks 110 and 105. As one skilled in the art will readily appreciate, these connections could include for example Integrated Services Digital Network (ISDN), Frame Relay or T1 connections using the TCP/IP protocol used throughout the Internet. These networks could represent distinct, unique and unrelated networks, or they could represent the same network in different countries. The term "wireless network" is meant to include different types of networks, including but not limited to (1) data-centric wireless networks, (2) voice-centric wireless networks and (3) dual-mode networks that can support both voice and data communications over the same or similar physical base stations. The newest of these combined networks include, but are not limited to (1) the Code Division Multiple Access (CDMA) network, (2) the Groupe Special Mobile or the Global System for Mobile Communications (GSM) and the General Packet Radio Service (GPRS), both developed by the standards committee of CEPT, and (3) third-generation (3G) networks like Enhanced Data rates for Global Evolution (EDGE) and Universal Mobile Telecommunications Systems (UMTS). GPRS is a data overlay on top of the very popular GSM wireless network, operating in virtually every country in Europe. Some older examples of data-centric networks include, but are not limited to: (1) the Mobitex™ Radio Network ("Mobitex") and (2) the DataTAC™ Radio Network ("DataTAC"). Examples of older voice-centric data networks include Personal Communication Systems (PCS) networks like CDMA, GSM, Time Division Multiple Access (TDMA) systems.
Turning now to Fig. 2, which is an illustration of the main types of e-mail exchanges that are commonly used today in the Internet, we first have a normal exchange of e-mail messages (method 1). In this scenario, an e-mail is constructed using RFC822, RFC821 and MIME techniques and delivered using standard SMTP mail exchange protocols, as shown at 120. The e-mail is then received and given to the addressed users, as indicated at 125. Such normal e-mail exchange is typically secure within a company or LAN such as 30 (Fig. 1) located behind a security firewall 22, but not between stand-alone users and/or users on different networks.

Also commonly used are VPN links for inter-office message exchange (method 2), for example between branch offices of the same company, and sometimes between different companies that are working very closely together. Using this method, a lower-level security called IP Security (IPSec) may be used to encrypt all data being exchanged between the two VPN locations, as shown at 130. When an encrypted e-mail is received at a corresponding VPN system, it is decrypted into plain text and routed to addressed users, at 135.

E-mail exchange between different companies or users that have adopted a private security scheme is illustrated in Fig. 2 as method 3. In this scenario, a protocol such as PGP, OpenPGP or some other less widely used protocol is used to encrypt an e-mail before it is sent, at 140. Once received, a corresponding mail agent decrypts the e-mail and presents the plain text of the e-mail to the recipient, at 145.

Methods 4, 5, 6 and 7 shown in Fig. 2 relate to S/MIME. The methods are all different variations of S/MIME. In method 4, a sender takes a digest of an e-mail message and signs the digest using the sender's private key, as shown at 150. A digest may for example be generated by performing a check-sum, Cyclic Redundancy Check (CRC) or some other preferably non-reversible operation such as a hash on the message, and is then signed by the sender using the sender's private key. The signed digest is appended to the outgoing message, possibly along with the Cert of the sender, and possibly any chained Certs and CRLs. The receiver of such a signed message also takes a digest of the message, compares this digest with the digest appended to the message, retrieves the sender's public key, usually by extracting the public key from the sender's Cert, and verifies the signature on the appended digest. These operations are part of the signature verification indicated at 155 in Fig. 2. If the message content has been changed since it was signed by the sender, then the digests will be different or the signature on the digest will not verify properly. This does not prevent anyone from seeing the contents of the message, but does ensure the message has not been tampered with since it was signed by the sender, and that the message was signed by the person as indicated on the 'from' field of the message. The Cert, Cert chain and CRLs are used by a receiver to ensure that the sender's Cert is valid, i.e., that the Cert has not been revoked or expired, and trusted. The combination of a digest generated at a sender with the signature on the digest is typically referred to as a digital signature. Hereinafter, references to digital signatures should therefore be interpreted as including a digest and a signature of the digest.

Method 5 represents exchange of S/MIME encrypted messages. In this method, a one-time session key is generated, used to encrypt the body of a message, typically with a symmetric cipher like Triple Data Encryption Standard (3DES). The session key is then encrypted using the public key of each intended receiver of the message, at 160. Session key encryption is often accomplished using a public key encryption algorithm such as Rivest Shamir Adleman (RSA). The S/MIME message, including the encrypted message and all encrypted versions of the session key, is sent to each receiver. Each receiver must then locate its corresponding encrypted session key, normally based on a RecipientInfo summary of the receivers that is attached to the message, and decrypt that particular encoded session key using its private key, as indicated at 165. Once the session key is decrypted, it is used to decrypt the message body. An S/MIME message may also specify an encryption algorithm that must be used to decrypt the message. This information is normally placed in a header of an S/MIME message.

Exchange of messages that have been encrypted and then signed is shown in Fig. 2 as method 6.
According to this scheme, the sender first generates a one-time session key, encrypts the
message body and then encrypts the session key with the public key of each receiver, as
described above. The sender then takes a digest of the message, including the encrypted session
keys, and signs the digest using its private key to generate a digital signature, at 170. Each
receiver takes a digest of the message, compares this digest with the digest in the digital
signature appended to the message, retrieves the sender's public key, and verifies the signature
on the digest, as described above. The correct session key is then located and decrypted with
the receiver's private key, which then allows the message body to be decrypted. Signature
verification and message decryption according to this method are shown in Fig. 2 at 175.

Method 7 in Fig. 2 illustrates exchanging messages that have been signed and then encrypted. A
digital signature is generated by a sender substantially as described above, at 180. This
digital signature, as well as possibly the sender's Cert, Cert chain and CRLs, are all appended
to the outgoing message. A session key is then generated and is used to encrypt the message
body, digital signature, and any Certs and CRLs. The session key is encrypted with the public
key of each receiver. The resultant S/MIME message, including the encrypted versions of the
session key, is transmitted to the receiver. When a receiver receives such a message, as shown
at 185, it must first decrypt its corresponding encrypted session key with its private key. The
decrypted session key is then used to decrypt the message body, digital signature, and any
Certs and CRLs of the message sender. The digital signature can then be verified as described
above.
Fig. 3 is a block diagram illustrating components of a system supporting both secure and
unsecure e-mail exchanges, and is useful in demonstrating some of the general characteristics
and functions of secure messaging in contrast with standard, typically unsecure, messaging such
as Internet-based e-mail. In Fig. 3, the example corporate networks 30a and 30b are secure
networks located behind respective security firewalls 22a and 22b. Although users on networks
30a and 30b, shown as desktop computer systems 35a, 35b, are preferably enabled for secure
messaging with other user systems on either of the networks as described in further detail
below, such user systems will normally also be able to communicate with unsecure systems, such
as an e-mail sender system 12.

When the e-mail sender 12 sends an e-mail message 15 to a user on the LAN 30a, the message 15
traverses the WAN 20, which is perhaps most often the Internet, and is received by the message
server 40a in the LAN 30a. Since the e-mail message sender 12 is unsecure, the e-mail message 15
would normally be transferred to the message server 40a on LAN 30a in the clear.

Messaging between users on LANs 30a and 30b proceeds somewhat differently, since both networks
are enabled for secure e-mail communications. Users sending e-mail from LAN 30a to one or more
users on LAN 30b would presumably know that they can use S/MIME to secure the e-mail. The sender
of an e-mail message, using desktop computer system 35a for example, preferably selects an
encoding method from a plurality of encoding methods, which for illustrative purposes is assumed
to be signed and then encrypted S/MIME. The desktop computer system 35a or possibly the message
server 40a, or more likely software executing on either the desktop system or the server, will
generate a digital signature for the e-mail message, and include the digital signature and
possibly the Cert(s) and CRLs for the sender in the outgoing message. The desktop computer
system 35a or server 40a will then generate a session key, encrypt the entire message, fetch
(or retrieve) a copy of the public key for each receiver, from a PKS 600 for example, and
encrypt the session key for each receiver. A PKS 600 is preferably a server that is normally
associated with a CA from which a Cert for an entity, including the entity's public key, is
available. It will be obvious to one skilled in the art that the PKS could reside within a
corporate firewall 22a, 22b, or anywhere on the WAN 20, Internet or other network through which
message senders and receivers may establish communications with the PKS. It should also be
obvious that a message sender need not necessarily always fetch or retrieve an intended
receiver's public key, for example where the receiver's Cert or public key is already stored on
a storage device at the sender system. In either case the sender should validate the receiver's
Cert (chain and revocation status) before encrypting to the public key it contains, since
encrypting to a substituted or revoked key would expose the message.

The resulting message that is transferred to the message server 40b via the WAN 20, shown as
200 in Fig. 3, has an encrypted signature-related information component 202, which may include
the sender's Cert, Cert chain, CRLs and digital signature, an encrypted message body portion
204 corresponding to the original e-mail message composed at the desktop system 35a, and one
or more encrypted session keys 206. The components 202 and 204 are encrypted using the session
key, whereas each receiver's public key is used to encrypt the session key, as described above.
Depending upon the particular secure messaging scheme in place between LANs 30a and 30b, a
secure message may contain different or additional components than those shown in Fig. 3, or
the same or similar components in a different order. Of course, a secure message 200 would
also include at least one destination address and possibly other header information that must
be left in the clear to provide for routing of the message to recipients; in typical S/MIME
usage the Subject line is likewise left unprotected. Since such additional and/or different
message fields will be apparent to those skilled in the art, they have not been explicitly
shown in the drawings.

Fig. 4 is a block diagram which illustrates received encrypted message size reduction. Reducing
message size improves the processing and transmission of public-key encrypted messages, via a
wireless network, to mobile devices. The system shown in Fig. 4 includes an e-mail message
sender 402 enabled for secure e-mail messaging, a WAN 404, which would in most cases be the
Internet, a corporate LAN 406 as an example host location, a wireless gateway 408, a wireless
network 410, and mobile devices 412 and 414. The example host location in Fig. 4 is a corporate
LAN 406 located behind a security firewall 403 and includes a message server 405, a desktop
computer system 407 and a wireless connector system 409 running on, in conjunction with, or as
an integrated module of the message server 405. The operation of the system shown in Fig. 4
will be described in detail below by way of an illustrative example in which an e-mail message
is composed at the secure e-mail sender 402 and sent to users A and B, each of whom is a user
of a mobile device 412 or 414 as well as a desktop computer system 407 at the host location,
i.e. LAN 406, only one of which is shown.

As shown in Fig. 4, the e-mail sender 402 composes an e-mail message at least comprising a
destination address and electronic text destined for users A and B. In this example, the
e-mail message is encrypted using a one-time session key chosen by the e-mail sender 402,
substantially as described above. The e-mail sender 402 then encrypts the session key using
the public key for each of the recipients of the e-mail, namely users A and B. As was also
described above, the public keys may have been retrieved from a local storage area, a PKS
resident within a network (not shown) in which the e-mail sender system 402 is configured to
operate, or a PKS resident on the WAN 404 or other network with which the e-mail sender 402
may communicate. In this example, the location of the PKS and the location of the public keys
are not important. The system is in no way dependent upon any particular key management scheme
at an e-mail message sender such as 402.

A secure message 416, including the encrypted message 418 and encrypted versions of the session
key 420, 422 for all recipients, is sent through the WAN 404 to the recipients' addresses on the
message server 405. It should be appreciated that the message components shown at 416 represent
those components that are directly involved in the system. A message sent by an e-mail message
sender such as 402 may include additional components beyond those shown at 416, or the
components shown at 416 may be included in a different order than shown, without affecting
operations associated with this aspect of the system.

When the message is received at the message server 405, possibly through one or more further
computer systems (not shown) at the host location and connected to the WAN 404, the wireless
connector system 409 detects the secure and encrypted message. The system 409 also determines
that users A and B have associated mobile devices 412, 414 to which the received secure message
should be sent via the wireless network.

According to this aspect, the system 409 reduces the size of the message by removing any
encrypted session keys that are not needed by each individual user's mobile device. An S/MIME
message for example includes a RecipientInfo list which provides a map as to which encrypted
session key corresponds to each recipient in the To, Cc or Bcc fields in the message.
Therefore, the system 409 may consult the RecipientInfo list to determine which encrypted
session key should be sent to each recipient. Note that a RecipientInfo entry identifies a
recipient by its Cert (issuer and serial number, or subject key identifier) rather than by
e-mail address, so the system 409 needs to know which Cert each of its users holds in order to
make that mapping.

As shown in Fig. 4, the system 409 detects the received message 416 addressed to both users A
and B, and sends a modified copy of the message 416 to each user's mobile device. The message
sent to user A's mobile device 412 is shown in more detail at 424 and includes the encrypted
message body 418 and only the one encrypted session key 420 that was encrypted using user A's
public key. The encrypted session key 422 for user B, which cannot be used by user A, is
removed from the message sent to mobile device 412 by the system 409. Similarly, the system 409
removes the encrypted session key 420 intended for user A from the received encrypted message
and sends to the mobile device 414 a resultant message including the encrypted message body
418 and the encrypted session key 422 for user B, as shown at 426.
Since each user receives its corresponding encrypted session key as part of the secure message,
the secure message can be processed at each device 412, 414 even though other information in
the original secure message 416 sent by the e-mail sender 402 has been removed by the system
409. The encrypted session key can be decrypted on each mobile device 412, 414 using each
user's respective private key resident on the mobile device and then used to decrypt the
message body. As described above, a user's private key may for example be transferred from the
user's desktop computer system such as 407 to the user's mobile device via a physical
connection (not shown in Fig. 4). Since that private key is what ultimately protects every
message sent to the user, it should be kept in protected storage on the device and never pass
over the wireless network. After decryption of the message body, a user interface on the
mobile device can then present the unencrypted message on a display of the device.

By re-organizing the original message as described above, all unnecessary encrypted versions of
the session key are removed from the original message, thereby reducing the size of a message
sent via a wireless network to a mobile device. For an S/MIME message, since a mobile device
receives only its corresponding encrypted version of the session key, the RecipientInfo list is
not needed and may also be removed, further reducing message size; the messaging software on
the mobile device must of course be able to process this reduced form of the message. Since the
number of encrypted versions of a session key and the size of a RecipientInfo list, if present,
increase with the number of recipients in an original message, message size reduction can be
particularly effective for original messages with large numbers of recipients.
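The following Go program is an added example, not code from the patent or from any product it describes; it models the method 5 envelope and the Fig. 4 reduction end to end. The Envelope and EncryptedKey types, the use of AES-256-GCM in place of the 3DES the text cites, RSA-OAEP for wrapping the session key, and the SHA-256 hash of the recipient's public key standing in for the CMS recipient identifier are all assumptions of the example, not part of the S/MIME format or of the system described here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// EncryptedKey is one RecipientInfo entry: the one-time session key wrapped under a
// single recipient's public key. CMS names the recipient by Cert issuer/serial or
// subject key identifier; this example assumes a SHA-256 hash of the public key instead.
type EncryptedKey struct {
	RecipientID [32]byte
	WrappedKey  []byte
}

// Envelope is a simplified stand-in for an S/MIME EnvelopedData message (416 in Fig. 4).
type Envelope struct {
	Nonce      []byte         // AES-GCM nonce (AES-GCM used here in place of the 3DES the page cites)
	Ciphertext []byte         // encrypted message body (418)
	Recipients []EncryptedKey // RecipientInfo list: encrypted session keys (420, 422)
}

func NewRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // private half lives on the device

func recipientID(pub *rsa.PublicKey) [32]byte {
	return sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is method 5 at the sender: one random session key, the body encrypted once,
// and the session key encrypted separately for every recipient (160 in Fig. 2).
func Seal(body []byte, recipients []*rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 44) // 32-byte AES-256 session key followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	sessionKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, body, nil)}
	for _, pub := range recipients {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		env.Recipients = append(env.Recipients, EncryptedKey{recipientID(pub), wrapped})
	}
	return env, nil
}

// ReduceForDevice is the wireless connector system 409 of Fig. 4: keep only the encrypted
// session key that belongs to the target user and drop every other entry. The ciphertext is
// never touched, so the same reduction is valid when a digital signature sits inside the
// encrypted body (the signed-then-encrypted case of Fig. 8).
func ReduceForDevice(env *Envelope, pub *rsa.PublicKey) (*Envelope, error) {
	id := recipientID(pub)
	for _, ek := range env.Recipients {
		if ek.RecipientID == id {
			return &Envelope{Nonce: env.Nonce, Ciphertext: env.Ciphertext,
				Recipients: []EncryptedKey{ek}}, nil
		}
	}
	return nil, fmt.Errorf("no encrypted session key for this recipient")
}

// Open is the mobile device side (165 in Fig. 2): locate our entry, unwrap the session key
// with the private key held on the device, then decrypt and authenticate the body.
func Open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	mine, err := ReduceForDevice(env, &priv.PublicKey) // locating our entry is the same search
	if err != nil {
		return nil, err
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, mine.Recipients[0].WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	userA, _ := NewRecipientKey()
	userB, _ := NewRecipientKey()
	env, _ := Seal([]byte("quarterly numbers attached"), []*rsa.PublicKey{&userA.PublicKey, &userB.PublicKey}) // constructed body
	forA, _ := ReduceForDevice(env, &userA.PublicKey)
	body, err := Open(forA, userA)
	fmt.Printf("session keys on the wire: %d -> %d; device A reads %q (err=%v)\n", len(env.Recipients), len(forA.Recipients), body, err)
}
```

Running it shows the RecipientInfo list shrinking from two entries to one and device A decrypting its reduced copy. Opening A's reduced copy with B's private key fails because B's entry is gone, and because the body is authenticated ciphertext any change to it in transit is also rejected, which is exactly the property a connector must preserve when it rearranges a message.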

Although the example system shown in Fig. 4 includes a message server 405 and system 409 in a
corporate LAN 406 behind a security firewall 403, the system is also applicable to other types
of systems, for example where a mobile device user has a computer system connected to the
Internet directly or through an ISP. In this case, the desktop computer system implements the
wireless connector system, preferably as a desktop version of the wireless connector system
operating with an electronic message program at the desktop computer system. Examples of
electronic message programs include, but are not limited to, MS Outlook, Lotus Notes, and
Eudora. The programs may access mail stored at a first data store device (not located at the
desktop computer) through one or more means including POP. The desktop-based wireless connector
in conjunction with the electronic message program would send received messages to the user's
mobile device, via the wireless network 410, and perform the message size reduction operations
described above.

Fig. 5 is a block diagram illustrating received signed message size reduction. The overall
system shown in Fig. 5 is similar to the system of Fig. 4, with system components in Fig. 5
being substantially the same as similarly labelled components in Fig. 4, although its operation
is somewhat different, as will be described below.

For illustrative purposes, it is assumed that a user sending an e-mail message from the system
502 to both users A and B decides to sign the message so that users A and B may confirm that
the sender is the true sender of the message and that what is received is what was sent by the
sender. In order to allow a message receiver to confirm that the sender's signature is
authentic, the e-mail sender 502 normally attaches their Cert, any other Certs in a Cert chain,
and possibly a current CRL. The secure message that is sent from the e-mail sender 502 may thus
have a form as shown at 516, including the sender's Cert, Cert chain, CRL and digital signature
518 and the message body 520. In S/MIME, Certs, chains, CRLs and signatures are normally placed
at the beginning of a message body as shown in Fig. 5. Messages according to other secure
messaging schemes may place message components in a different order than shown or include
additional and/or different components.

A secure message such as 516 would normally be sent through a WAN 504 such as the Internet to
addressed recipients. In Fig. 5, the message is addressed to only two recipients, each having an
electronic mailbox account associated with the same message server 505, although the system is
in no way limited thereto. The example system in Fig. 5 is merely a system example and is
intended only for illustrative purposes.

Once received by the message server 505, the secure message is routed to each recipient's
e-mail account on the server 505. The wireless connector system 509 detects the new message and
also determines whether or not the message should be sent via the wireless network to a mobile
device for any recipient. If so, then the system 509 re-organizes the message to place the
message body first, followed by the digital signature and then the Cert, Cert chain and CRLs.
The Cert, Cert chain and CRLs are then preferably stored by the system 509 at the host system.
A message including at least the message body and digital signature is then sent, via the
wireless network, to the mobile devices 512 and 514 of the recipients, users A and B, as shown
at 522 and 526. The digital signature 524, 528 is effectively a truncated form of the original
signature, Cert, Cert chain and CRL component 518. Although labelled differently in messages
522 and 526, the signatures 524 and 528 are actually the same signature generated by the e-mail
sender 502. The Cert, Cert chain and CRLs are not initially sent to the mobile devices 512, 514
with the message body and signature, based on an assumption that the Certs and CRLs may already
have been pre-loaded onto a storage device in the devices, for example using a physical
connection 515, 517 to the user's desktop computer system 511, 513. It is also possible that
the sender's Cert and Cert chain may have been attached to a previous secure message sent, via
the wireless network, to the mobile devices 512, 514 and subsequently stored on the mobile
devices. An up-to-date CRL might similarly already be available on the mobile devices 512, 514.
In these circumstances, a Cert, Cert chain and CRL would not be used at the mobile devices 512,
514 even if they were sent. If any of this information is required but not available on the
mobile devices 512, 514, it may then be requested from the wireless connector system 509.

As described above, a user may view the content of a signed message without first verifying a
signature; until verification has been completed, the device should make clear to the user that
the signature has not yet been checked. The Cert, Cert chain and CRLs are only required when a
mobile device user, user A for example, wishes to verify the signature 524 on the message from
the e-mail sender 502. If these components are available on the mobile device 512, then
signature verification operations may be completed without further communications between the
mobile device 512 and the LAN 506. However, if this Cert and CRL information is not available
for a message sender from which a signed message is received, then according to another aspect
of the system, the user can submit a request to the system 509 to send the rest of the original
message, particularly any Certs and CRLs that were removed before the message was sent, via the
wireless network 510, to the mobile device and stored at the host location (LAN 506) by the
system 509. The Certs and CRLs, once received at the mobile device 512, allow the signature to
be fully checked and verified.

Removal of relatively bulky (i.e., large byte-sized electronic data) Certs and CRLs from
received signed messages before they are transmitted to mobile devices can significantly reduce
the size of signed messages that are transferred through the wireless network 510, thereby
conserving wireless network resources, and reducing the bandwidth and time required to transmit
signed messages to mobile devices.

In a further embodiment of this aspect of the system, a user's host system 511, 513 includes a
Cert synchronization system, shown in further detail in Fig. 6, which is a block diagram of a
system in which the size of a signed message is reduced based on information stored at a
mobile device. In Fig. 6, system components outside the host system location at which the
wireless connector system is operating have not been shown in order to avoid congestion in the
drawing. Connections between the message server and host computer systems have also been
omitted for clarity. It should be apparent, however, that the system shown in Fig. 6 may
include such other components and connections as are common in messaging systems.

The example system in Fig. 6 includes a message server 602, wireless connector system 604 and
two desktop computer systems 606, 614. Each desktop computer system includes a physical
connection 608, 616 through which Certs, CRLs, and possibly other relatively bulky information
may be transferred to a user's mobile device (not shown). According to this embodiment of the
system, each desktop computer system 606, 614 includes a Cert synchronization (sync) system
610, 618, which in most implementations will be a software application. The Cert sync systems
610, 618 interface with the physical connections 608, 616 and data stores 612, 620 on the host
computer systems 606, 614. The data stores 612, 620, as those skilled in the art will
appreciate, could possibly be any computer storage medium, including for example a local hard
disk drive or other memory unit. It is also contemplated that Certs and CRLs, which are public
information, could be shared between computer systems within a network, for example such that
the stores 612, 620 are actually the same data store, for example on a network file server.

Using the Cert sync system 610, user A can preferably select and transfer Certs, and possibly
CRLs if desired, to his or her mobile device when the mobile device is connected to the desktop
computer system via the connection 608. However, since CRLs tend to be large and thus require
significant memory resources for storage, users will likely most often transfer only Certs to
mobile devices. The Cert sync system may then be configured to consult a corresponding CRL to
ensure that a Cert has not been revoked before the Cert is transferred to a mobile device, or
alternatively to remove any revoked Certs from a list of Certs available for download. Such a
check is only as current as the CRL consulted at sync time; a Cert that is revoked afterwards
will continue to be accepted on a device holding no CRL until the next sync or an explicit CRL
request. On a device, Certs could be stored in a data store such as Random Access Memory
(RAM), flash memory or other such memory component to which data may be written on a mobile
device. Certs may instead possibly be written to a removable memory card, smart card or similar
component with which a mobile device is designed to operate.

As shown in Fig. 6, each Cert sync system 610, 618 is also enabled for communication with the
wireless connector system 604. This allows a Cert sync system to inform the wireless connector
system of which Certs have been loaded onto a user's mobile device. This may be accomplished,
for example, by transmitting either a complete up-to-date list of all Certs on a device or a
list of Cert additions and deletions each time a Cert sync system is used to perform any
device-related operations. Cert updates could also be sent to the wireless connector system 604
whenever new Certs are detected on a mobile device by a Cert sync system when the mobile device
is connected to its desktop computer system. Although the Cert sync system is useful for
loading particular Certs for entities from which a mobile device user expects to receive signed
messages, there may be situations in which a mobile device user obtains a Cert from other
sources such as a CA. In this case, a Cert sync system could be configured to determine whether
any Certs have been loaded onto a mobile device since the last Cert transfer using the Cert
sync system, and if so, to transmit a device Cert update to the wireless connector system 604.

When such a device Cert update is received from a desktop computer system 606, 614, a user
profile maintained for the particular user by the wireless connector system 604 in a data store
622 is updated. Although the user profiles 624, 626 may include such information as user name,
configuration settings to control which messages are sent over the wireless network, mobile
device identification information and possibly further user-, configuration- or mobile
device-related information, the wireless connector system 604 preferably also stores a list of
Certs that are stored on a user's mobile device. In the example shown in Fig. 6, user A's
mobile device stores a Cert for an entity X, as indicated by [Cert X], whereas user B has
stored a Cert for entity Y, [Cert Y], on their mobile device. A single Cert is shown in the
user profiles 624, 626 for illustrative purposes only; a mobile device preferably has
sufficient memory resources to store multiple Certs.

When a signed message 628, including a Cert, Cert chain, CRLs and digital signature component
630 and message body 632, arrives at the message server 602, it is detected by the wireless
connector system 604 as described above. The original message is then rearranged such that the
message body is placed first, followed by the digital signature and signature-related
information. In accordance with this embodiment of the system, the wireless connector system
604 then determines if any of the signature-related information is required by each mobile
device to which the message is to be sent, by consulting the user profile for each addressed
mobile device user. Since the sender's Cert, Cert X, has been stored to user A's mobile device,
a rearranged message 634, including only the message body 632 and digital signature 636, is
sent to user A's mobile device. Although a Cert for an entity Y has been stored on user B's
mobile device, the Cert X for the sender of the original message 628 is not available on user
B's mobile device, such that the rearranged message to user B's mobile device includes both the
message body 632 and the signature-related information and digital signature component 630. As
above, the wireless connector system 604 may instead store the signature-related information
for later transmission to user B's mobile device and initially send only the message body and
digital signature.

The use of a Cert sync system 610, 618 and device signature-related information accessible to
the wireless connector system 604 allows the wireless connector system 604 to determine the
information that a particular mobile device requires and to remove any unnecessary information
from a message sent to that mobile device. Instead of assuming that a mobile device may have
stored a Cert, as in the preceding embodiment, the wireless connector system 604 can determine
whether or not the device has stored the Cert. The user profiles may also possibly be used to
specify other configuration settings, to indicate for example that CRLs should never be sent to
a user's mobile device or that signature-related information should only be sent to a user's
mobile device if requested.

With reference now to Figs. 7 and 8, the impact of performing either message signing or
encryption first, to generate a message that is both signed and encrypted, will be discussed.
When a message is encrypted first and then signed, one set of re-organizing and/or message
reduction schemes can be applied. When a message is signed first and then encrypted, other
re-organizing and size reduction techniques are applicable. As will be apparent, only a host
location portion (message server and wireless connector system) of a messaging system is shown
in each of Figs. 7 and 8.

Fig. 7 is a block diagram illustrating secure message size reduction for a received message
that has been encrypted and then signed. Such a message 706 would typically include a message
body 710 that is encrypted using a one-time session key established by the sender. The session
key is then encrypted using a public key of each intended message recipient, in this example
users A and B, to generate an encrypted session key 712, 714 for each user. The encrypted
message body 710 and encrypted session keys 712, 714 are then signed, substantially as
described above. Although signing is performed after encryption, the message component 708,
with a Cert, possibly a Cert chain and one or more CRLs in addition to the digital signature,
may be at the beginning of the secure message, as in S/MIME for example.

This encrypted and signed message 706, with the session keys 712, 714 and digital signature and
signature-related information 708, is received by the message server 702, which processes the
message and places it into the appropriate mailboxes for users A and B. The wireless connector
system 704 detects the new message and begins the process to send the message to each recipient
that has a mobile device. Before the message is sent to a mobile device, the digital signature
and Cert section 708 of the message is preferably at least rearranged such that the digital
signature and signature-related information is moved to the end of the message. Since the
encrypted message body 710 and session keys 712, 714 are all signed, only the signature and
signature-related information can be rearranged or removed from the message. If the wireless
connector system 704 were to process the message 706 to rearrange or remove any of the signed
components, including the other recipients' encrypted session keys, before sending the message
to a mobile device, the signature verification would fail at the mobile device.

As described above, the wireless connector system 704 may remove the Cert, as well as any Cert
chain and CRLs if included in the message 706, and store these components for later
transmission to mobile devices. Where the wireless connector system 704 can determine which
Certs are available on an addressed recipient's mobile device, the Cert could be sent only if
it is not available on the mobile device. In the example shown in Fig. 7, only the digital
signature 718 and signed components 710, 712, 714 of the original message 706 are sent in a
message 716 to user A. This would occur when all signature-related information is removed
before a received message is sent, or when the wireless connector system 704 detects that the
sender's Cert in the original message 706 has been loaded onto user A's mobile device. In the
case of user B, both the Cert and the digital signature 722 are sent along with the signed
components 710, 712, 714 in a message 720 to user B's mobile device, if the wireless connector
system 704 determines that the Cert in the original message 706 has not been loaded on user
B's mobile device, for example.

Therefore, when a secure message is encrypted and then signed, a digital signature and any
signature-related information may be rearranged to the end of the message and some or all of
the signature-related information may be removed from the message, but the encrypted session
keys for other recipients must be left in place because they are covered by the signature.
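The following Go program is an added example, not code from the patent, covering three passages together: the digest-plus-signature verification described for Fig. 2, the Cert-bundle removal driven by a user profile in Figs. 5 and 6, and the Fig. 7 rule that nothing under the signature may be touched. The SignedMessage and DeviceProfile types, the plain string label standing in for the sender's Cert identifier, the length-prefixed digest, RSA-PSS as the signature scheme, and the placeholder byte strings representing an encrypted body, session keys and a Cert bundle are all assumptions of the example and not part of the system described here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// SignedMessage models what the wireless connector sees in Figs. 5 to 7: the components
// covered by the signature, the signature over their digest, and the bulky signature-related
// information (Cert, Cert chain, CRLs) carried here as one opaque byte string.
type SignedMessage struct {
	Signed     [][]byte // every component under the signature, in signed order
	Signature  []byte   // RSA-PSS signature over the SHA-256 digest of Signed
	CertBundle []byte   // sender's Cert, chain and CRLs; nil once the connector removes them
	SenderCert string   // label naming the sender's Cert (assumption; real code would use issuer/serial)
}

// DeviceProfile is the Fig. 6 user profile: the Certs already loaded on the user's device.
type DeviceProfile struct{ Certs map[string]bool }

func NewSignerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// digest hashes the signed components with length prefixes, so that moving bytes from one
// component to another, or dropping a component, changes the digest.
func digest(parts [][]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		binary.Write(h, binary.BigEndian, uint32(len(p)))
		h.Write(p)
	}
	return h.Sum(nil)
}

// Sign is the sender at 150/170 in Fig. 2: digest the components and sign the digest.
func Sign(priv *rsa.PrivateKey, certID string, certBundle []byte, parts ...[]byte) (*SignedMessage, error) {
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(parts), nil)
	if err != nil {
		return nil, err
	}
	return &SignedMessage{Signed: parts, Signature: sig, CertBundle: certBundle, SenderCert: certID}, nil
}

// Verify is the receiver at 155: recompute the digest and check the signature on it. It does
// not decide whether the Cert is trusted or revoked; that needs the Cert chain and CRLs.
func Verify(pub *rsa.PublicKey, m *SignedMessage) error {
	return rsa.VerifyPSS(pub, crypto.SHA256, digest(m.Signed), m.Signature, nil)
}

// ReduceSigned is the wireless connector in Figs. 5 to 7: the Cert bundle may be removed and
// kept at the host when the profile says the device already holds the sender's Cert, but
// nothing under the signature may be touched. It returns the reduced message and whatever
// was held back for a later request from the device.
func ReduceSigned(m *SignedMessage, p DeviceProfile) (*SignedMessage, []byte) {
	out := *m
	if p.Certs[m.SenderCert] {
		out.CertBundle = nil
		return &out, m.CertBundle
	}
	return &out, nil
}

// StripSignedComponent is the mistake warned about for Fig. 7: dropping a signed component,
// such as another user's encrypted session key, leaves a message whose signature cannot verify.
func StripSignedComponent(m *SignedMessage, idx int) *SignedMessage {
	if idx < 0 || idx >= len(m.Signed) {
		return m
	}
	out := *m
	out.Signed = append(append([][]byte{}, m.Signed[:idx]...), m.Signed[idx+1:]...)
	return &out
}

func main() {
	sender, _ := NewSignerKey()
	// constructed stand-ins for an encrypted body and two encrypted session keys (Fig. 7)
	body, keyA, keyB := []byte("<encrypted body>"), []byte("<session key for A>"), []byte("<session key for B>")
	m, _ := Sign(sender, "Cert X", []byte("<Cert X, chain, CRL>"), body, keyA, keyB)
	forA, held := ReduceSigned(m, DeviceProfile{Certs: map[string]bool{"Cert X": true}})
	fmt.Printf("user A: cert bundle sent=%v, held at host=%d bytes, verify=%v\n", forA.CertBundle != nil, len(held), Verify(&sender.PublicKey, forA))
	forB, _ := ReduceSigned(m, DeviceProfile{Certs: map[string]bool{"Cert Y": true}})
	fmt.Printf("user B: cert bundle sent=%v, verify=%v\n", forB.CertBundle != nil, Verify(&sender.PublicKey, forB))
	fmt.Printf("after stripping B's signed session key: verify=%v\n", Verify(&sender.PublicKey, StripSignedComponent(forA, 2)))
}
```

Running it shows that user A's copy still verifies after the Cert bundle is held back at the host, that user B's copy keeps the bundle because B's profile lacks Cert X, and that stripping B's encrypted session key from A's copy, although it would save bytes, makes the signature fail on the device.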

Fig. 8 is a block diagram illustrating secure message size reduction for a received message
that has been signed and then encrypted. In this case, a sender generates a digital signature
for a composed message and attaches the digital signature, Cert, and possibly a Cert chain and
CRL to the message. For an S/MIME message, the digital signature, Cert and any chained Certs
and CRLs are attached at the beginning of the message. The entire signed message is then
encrypted using a one-time session key, and the session key is encrypted for each receiver
addressed in the message, using the public key of each receiver, as described above. The
resultant message is shown at 806, including a digital signature and signature-related
information 808 and a message body 810, both encrypted using the session key, followed by
encrypted versions of the session key 812, 814 for each receiver.

When the signed and encrypted message 806 is received and placed into the appropriate mailboxes
for users A and B by the message server 802, the wireless connector system 804 detects the new
message and determines if any of the addressed message receivers has a mobile device (not
shown) and whether or not the message is to be sent to a mobile device. If so, then a message
is prepared for sending to each mobile device including the encrypted portions of the original
received message and only the particular session key corresponding to the mobile device. In
Fig. 8, the digital signature and signature-related information 808 is encrypted and thus
cannot be identified and rearranged by the wireless connector system 804, which has no access
to the session key. Therefore, the messages 816, 818 sent by the wireless connector system 804
to the mobile devices of users A and B each include the encrypted digital signature and
signature-related information 808 and the signed and encrypted message body 810 of the original
message, and only the respective encrypted session key 812, 814 for the mobile device. At each
mobile device, the session key can be decrypted and used to decrypt the encrypted portions 808,
810 of the message to expose the original message body, the digital signature and the
signature-related information components. The message may then be viewed and digital signature
verification can proceed on each mobile device.

As described above, when the wireless connector system 804 sends only the required
encrypted session key to each mobile device, the RecipientInfo field (not shown) may also be
removed from an encrypted message to further reduce the size of a message transmitted over
a wireless network.

The embodiments of the system described above focus on rearranging and reducing
the size of a secure message before sending it to a mobile device. Several further
embodiments which provide different ways to pre-process a message to reduce data that must
be transmitted over the air to a mobile device will now be described. One advantage of
message pre-processing is that alternative techniques can be applied to messages that are both
signed and encrypted, which are the most difficult messages to rearrange to reduce size, as
will be apparent from the foregoing description.

Fig. 9 is a block diagram showing an encrypted message pre-processing system. The
overall system is similar to the systems described above, in that the components shown in
Fig. 9 are substantially the same as similarly labelled components in preceding Figures. As
shown at 916, an encrypted e-mail message from an e-mail sender 902 addressed to users A
and B includes an encrypted message body 918, and two encrypted session keys 920 and 922.
As will be apparent to those skilled in the art, the portions of the encrypted message 918 need
not necessarily be in the order shown in Fig. 9. In this example, it is assumed that a user's
desktop computer system, one of which is shown at 907, and the user's mobile device 912 or
914, effectively share a common address, a feature supported by the wireless connector
system 909. However, in some systems, a message might be addressed to both the user's
mail account on a message server 905 and the user's wireless mail account. When wireless
connector system 909 is implemented, it is more likely that the message will be addressed to
a user's account on the message server 905.

In a preferred embodiment of the system, it is possible to share a single private key
between a user's desktop computer system 907 and mobile device 912, 914 by loading the
private key into the mobile device using, for example, the physical connection 50 and
interface 65 as shown in Fig. 1 or some other trusted wired or wireless transfer mechanism.
Where a user's desktop computer system 907 is configured for operation with a smart card or
similar removable security-enabling component, this private key loading could be performed
by a user by inserting their smart card into a card reader and running a component of the
wireless connector system 909, and/or possibly a software component on the desktop
computer system 907, to load the private key from the card reader directly into a memory of a
mobile device. Alternatively, a card reader could be integrated into the mobile device to
allow a user to access a private key using either a desktop computer system or a mobile
device. Such private key sharing provides for mirrored e-mail stores at the two locations, i.e.
a user's desktop computer system 907 and mobile device 912 or 914.

When the message 916 is sent by the sender 902, it is eventually routed through the
WAN 904 to the message server 905 for processing and forwarding to the e-mail accounts of
the addressed receivers, users A and B. The wireless connector system 909 detects the new
message and determines whether or not it should be sent to a mobile device of any of the
receivers. In accordance with an aspect of the system, for each receiver for which the
message is to be sent to a mobile device, the wireless connector system 909 decrypts the
message using the session key, re-encrypts the message using a different key and possibly a
different encryption algorithm corresponding to a wireless-friendly security scheme
implemented between the wireless connector system 909 and its associated mobile devices
912, 914, and sends the re-encrypted message to the receiver's mobile device. Such re-
encrypted messages are shown at 924 and 926.

Since each version of the session key is encrypted with a specific public key of a
particular mobile device 912, 914, the wireless connector system 909 must somehow decrypt
the session key before the message body can be decrypted and re-encrypted. In one
embodiment of this aspect of the system, the wireless connector system 909 extracts the
correct session key 920, 922 for each mobile device 912, 914 to which the received message
is to be sent and sends it to each mobile device. For example, after extracting the correct
encrypted session key for a mobile device user such as user A, the wireless connector system
909 may build a message that contains only the encrypted session key 920. The mobile
device 912 receives this message and extracts the session key 920 from the message. The
session key is then decrypted, preferably re-encrypted according to the above wireless-
friendly security scheme, and sent back to the wireless connector system 909. The wireless
connector system 909 then decrypts the re-encrypted session key and uses the decrypted
session key to decrypt the encrypted message body on behalf of user A. The decrypted
message body can then be re-encrypted according to the wireless-friendly security scheme
and sent to mobile device 912. The re-encrypted message may then be decrypted on the
mobile device 912 and displayed to user A. A similar process would be performed between
the wireless connector system 909 and each mobile device to which a received encrypted
message is to be sent.

This decryption of a message by the wireless connector system 909 reduces the
amount of complex public key decryption operations that must be performed on a mobile
device. Additionally, this allows the wireless connector system 909 to send only portions of
the message to each mobile device, in the case of a very large e-mail message. Although the
session key and message exchange described above could be repeated for each user, once the
session key is decrypted and returned to the wireless connector system 909 by one mobile
device and the encrypted message body is decrypted, the decrypted message body could then
be re-encrypted for each mobile device to which the message is to be sent. This could
simplify operations at the wireless connector system 909 in that the encrypted message body
is decrypted only once, even when the message is to be sent to multiple mobile devices, and
may also result in faster message transmission to some mobile devices, since a response with
a re-encrypted session key need only be received by the wireless connector system 909 from
one mobile device, not from each mobile device to which a message is to be sent.

In some systems in which a desktop computer system such as 907 and a mobile
device share a common private key, the private key might be accessible to the message server
905 and wireless connector system 909. Although this may be an unlikely scenario
depending upon how private key technology evolves, this method does have the advantage of
reducing the number of steps in an encrypted message decryption and transmission process,
and also removes the need to send the decrypted session key over the air. As in the preceding
embodiment, decryption of a message by the wireless connector system 909 reduces the
number of public key operations that a mobile device must perform.

According to this embodiment of the system, the wireless connector system 909 has
access to the private keys for any addressed receivers for which it provides wireless
communication service. Instead of sending an encrypted session key directly to a mobile
device as in the preceding embodiment, the wireless connector system uses the private key
shared with the device to decrypt the session key. The session key is then used to decrypt the
encrypted message body. For user A for example, the wireless connector system 909 would
extract the encrypted session key 920 from the message 916, decrypt the session key using
user A's private key, and use the session key to decrypt the encrypted message body 918.
Once the message body is decrypted, it is re-encrypted using a wireless-friendly encryption
method and transmitted to the appropriate mobile device, substantially as described above.
The mobile device then decrypts the message and presents it to the user in its original form.
This procedure provides the fastest message delivery time with the least amount of public key
operations, which tend to be very processor- and power-intensive, on a mobile device.

It will be apparent that decryption and re-encryption of encrypted messages by the
wireless connector system 909 would normally represent a security concern. However, in the
system shown in Fig. 9, the decryption and re-encryption are performed behind the security
firewall 903 and decrypted information therefore remains as secure as any other information
in the corporate LAN 906. When a strong encryption scheme such as 3DES is used between
the wireless connector system 909 and mobile devices 912, 914, any previously decrypted
information, including decrypted messages or session keys, remains secure while being
transferred between the wireless connector system 909 and mobile devices 912, 914.

Fig. 10 is a block diagram of a signed message pre-processing system. The system in
Fig. 10 is similar to the system in Fig. 9, with similarly labelled components in Figs. 9 and 10
being substantially similar, although the system of Fig. 10 pre-processes signed messages. In
Fig. 10, digital signature verification is performed on behalf of a mobile device user at the
user's host system location (LAN 1006), thus saving the transmission of the digital signature
and typically bulky signature-related data.

A message 1016 signed by an e-mail message sender 1002 would include a digital
signature component 1018 and a message body component 1020, as described above. When
the signed message 1016 is received and forwarded to appropriate mailboxes by the message
server 1005, the wireless connector system 1009 detects the new message and determines
whether or not it should be sent to one or more mobile devices. In the example in Fig. 10, the
message should be sent to both mobile devices 1012 and 1014.

The wireless connector system 1009 then detects that the message has been signed
and attempts to find the public key of the sender. This public key could be retrieved from a
local storage area or possibly from a PKS 1028 somewhere on the WAN 1004. Once the
public key of the sender is retrieved, the digital signature can be verified by the wireless
connector system 1009 on behalf of each mobile device user. A message is then prepared
and forwarded to each mobile device 1012, 1014, preferably including an indication as to
whether or not the digital signature was verified. As shown at 1024, 1025 and 1026, 1027,
the original message body 1020 and signature indication are re-enveloped and possibly
encrypted for security before being sent to the mobile devices 1012, 1014. Although the
signature indication is not necessarily confidential, encryption thereof prevents an
unauthorized party from inserting an incorrect signature indication or changing a signature
indication. At each device, the outer envelope is removed and the message and signature
indication are decrypted if necessary before being presented to the user.

Fig. 11 is a block diagram illustrating secure message pre-processing for a received
message that has been encrypted and then signed. In order to avoid congestion in the
drawing, only the message server 1102 and wireless connector system 1104 are shown. It
should be apparent to those skilled in the art that these components could be implemented in
a system such as shown in the preceding drawings.

A secure message 1106 that has been encrypted and then signed may include such
components as a digital signature and signature-related information component 1108, an
encrypted and signed message body 1110 and encrypted and signed session keys 1112 and
1114. Generation of such messages has been described in detail above. When such a
message is received at the message server 1102 and distributed to appropriate user mailboxes
for users A and B, the wireless connector system 1104 detects the new message and
determines, in this example, that the message is to be sent to the mobile device of each of
users A and B. Since the message has been both signed and encrypted, pre-processing of the
message includes several steps from each of the pre-processing schemes described above in
conjunction with Figs. 9 and 10.

The message 1106 has been encrypted first and signed second, such that the wireless
connector system 1104 preferably first verifies the digital signature using the sender's public
key. This key may be retrieved from a local memory or through a PKS for example.
Whether or not the sender's digital signature is verified, pre-processing may proceed to
obtain the session key used to encrypt the message. As described above, this may be
accomplished by the wireless connector system 1104 by sending to a mobile device a
corresponding encrypted version of the session key or, if the device's private key is
accessible to the wireless connector system 1104, by accessing the private key and decrypting
the session key. Once the session key has been decrypted by or returned to the wireless
connector system 1104, the message can be decrypted. The decrypted message, and
preferably a signature indication that the message was signed and whether or not the digital
signature was verified, are then re-encrypted using a wireless-friendly encryption algorithm
and sent to each mobile device to which the message is to be sent. As shown at 1116 and
1122, the messages sent to the mobile devices of users A and B include the message body
1118, 1124 and a signature indication 1120, 1126, both of which are preferably encrypted.
Each mobile device can then decrypt the message 1116, 1122 and present the message and
signature indication to the mobile device user.

Fig. 12 is a block diagram similar to Fig. 11 but illustrating secure message pre-
processing for a received message that has been signed and then encrypted. As in Fig. 11,
only a message server 1202 and wireless connector system 1204 are shown in Fig. 12 to
avoid congestion. However, it should be appreciated that the arrangement in Fig. 12 would
normally be implemented as part of a larger system such as shown in Fig. 1 for example,
which enables electronic message exchange.

A signed and then encrypted message, as described above and shown at 1206,
typically comprises a digital signature and signature-related information component 1208 and
a message body component 1210, both of which were encrypted by a sender using a one-time
session key, as well as encrypted versions of the session key 1212, 1214 for each addressed
recipient of the message 1206, in this example users A and B. When the message 1206 is
received by the message server 1202 and distributed to appropriate user mailboxes, the
wireless connector system 1206 detects the new message and determines to which, if any,
mobile devices the message is to be sent.

Since the message 1206 has been signed first and then encrypted, the wireless
connector system 1204 must first decrypt the message before any further pre-processing can
be performed. To this end, the wireless connector system 1204 obtains the session key,
which as described above may be accomplished by sending the corresponding respective
encrypted session key to a mobile device for decryption or by accessing a user's private key
and decrypting the session key. Once the session key has been returned to or decrypted by
the wireless connector system 1204, the message 1206 can be decrypted and the digital
signature and signature-related information extracted. As described above, the digital
signature can then be checked by retrieving the public key of the sender. A signature
indication is then generated and attached to the message body. The message and indication
are then preferably encrypted using a wireless-friendly encryption method and transmitted to
each mobile device to which the message is to be sent. As shown at 1216 and 1222, a
message to a mobile device includes the body of the message 1218, 1224 and an indication
1220, 1226 that the message had been signed and whether the digital signature was verified.
At a mobile device, the transmitted message is decrypted to retrieve the original message and
the signature indication.

Figs. 13 and 14 show a flow chart illustrating a method for pre-processing signed,
encrypted or signed and encrypted messages before sending them to a mobile device. In
these drawings, it is assumed that a message has been received and placed into a message
storage location and that a wireless connector system has detected the new message. It
should be apparent that the method shown in Figs. 13 and 14 applies to those messages that
the wireless connector system determines should be processed, that is, messages to be sent to
one or more mobile devices.

Turning now to Fig. 13, the method begins at step 1300 when a message that is to be
sent to a mobile device arrives from a message sender. The wireless connector system then
checks to see if the message is in plain text, at step 1305. This check can be performed for
example by checking the MIME type of the message, and/or looking for attachments with a
certain format and MIME type. If the message is plain text, then it is routed to each of the
mobile devices. If the information is not plain text, then a check is made to determine if the
message was signed but not encrypted (i.e., signed only) or signed last, at step 1315. If the
message was not signed only or signed last, this would mean the message may have been
encrypted but not signed (i.e., encrypted only) or signed first and encrypted last, and the
encryption would have to be processed first. A determination as to whether or not the
message was encrypted only or encrypted last is made at step 1320. If it is determined that
the message was not encrypted only or encrypted last, then the message may be a plain text
message or a signed only or signed last message that was not detected at steps 1305 or 1315, or
the message has a format that the wireless connector system cannot handle. In either of these
cases, an error may be declared, as indicated at 1325. As those skilled in the art will
appreciate, error handling will be dependent upon the system in which this method is
implemented. If the message was encrypted only or encrypted last, the method proceeds to
process the encryption, at step 1330, which is shown in detail in Fig. 14 and described below.

If the message has been signed only or signed last, as determined at step 1315, then a
digest of the message is generated at step 1340, as described above. The digital signature
attached to the message is then detected at 1345. In order to continue with digital signature
verification, the public key of the sender is retrieved at step 1350 from local memory, from a
PKS or similar system or possibly from a Cert attached to the original message, included in a
SignerInfo component of the message for example. The digest in the detected digital
signature is then extracted and the signature on the digest is verified, at step 1355, using the
public key of the sender.

The digests A and B are then compared at step 1360 to determine if they match. It is
also determined whether or not the signature of the digest was verified. If either of these
conditions is not satisfied, then the signature was not verified, and a "failed" or like signature
indication would be attached to the message at step 1365. If both conditions are met, then the
signature was properly verified and a "verified" or similar signature indication is added to the
message at step 1370.

At step 1375, it is determined whether or not the message is still encrypted. If so, for
a message that was encrypted and then signed, the method continues at step 1380 to process
encrypted data, as shown in Fig. 14 and described in further detail below. If the message is
not still encrypted, then a check may be made at step 1385 to determine whether or not it had
been encrypted. For a signed first and encrypted last message, message decryption would
have been completed before signature verification. If it had been encrypted, then a message
including the appropriate signature indication, an encryption indication or flag which
indicates that the message had originally been encrypted and the message body, is
constructed and sent to the mobile device at step 1395. Otherwise, the message sent to the
mobile device at step 1390 includes the signature indication and the message body.
Alternatively, if a mobile device user does not need to know whether or not a message was
originally encrypted, which could be a configurable setting stored in a user profile accessible
by the wireless connector system, step 1375 could proceed directly to step 1390 and no
encryption indication is sent.

Although not shown in Fig. 13, the encoding, compression and encryption schemes
described above may be employed by the wireless connector system as part of steps 1390 and
1395 before pre-processed secure messages are sent to a mobile device.

Turning now to Fig. 14, method steps associated with processing of encrypted parts of
a message are shown. Encryption processing may begin either when a message has been
encrypted last or encrypted only (step 1330) or when signature verification operations have
been completed for an encrypted and then signed message (step 1380).

The first step in processing the encrypted data is to locate the encrypted session key
for the particular mobile device user, at step 1410, by using a RecipientInfo field of the
received message for example. At the next step 1415, the wireless connector system
generates and sends to the mobile device a message that contains the encrypted session key,
as described above. This message may have text for the user to provide such information
about the message as the size, date and originator of the message, with an indication that it is
encrypted. When this message is received at the mobile device, it is determined, by a secure
messaging software application on the mobile device for example, whether or not the private
key that can be used to decrypt the session key is available on the device, at step 1425. If the
device does not have the correct private key or the user does not want to decrypt the message,
then the message cannot be viewed by the user on the mobile device. Otherwise, as an
optional step 1435, the user may be given the choice to decrypt the session key (step 1435),
for example via a menu in a message list of the mobile device. The decrypted session key is
then passed back to the wireless connector system and the original message is decrypted, at
step 1440.

Once the decryption is complete, a test is performed at step 1445 to determine if a
digital signature is to be verified. If so, then the method proceeds at step 1450 to process the
digital signature as described above with reference to Fig. 13. If there is no digital signature
to be verified, then a further test is performed at step 1455 to determine if a digital signature
was already processed. If the digital signature was already processed, i.e. when encryption
processing begins at step 1380, the decrypted message with the signature indication and
possibly an encryption indication described above are sent to the mobile device at step 1460.
Otherwise, if the message was not signed, then the decrypted message and possibly an
encryption indication are sent to the mobile device, as shown at step 1465.

The flow chart shown in Figs. 13 and 14 is intended for illustrative purposes only and
not to limit the scope of the system. The steps outlined in the flow chart may be performed in
a different order, some of the steps may be combined with other steps or omitted, and further
steps and operations may be performed. For example, the order in which operations are
performed for digital signature verification may be different than shown in Fig. 13. In some
systems, the digital signature might be detected before the digest A is generated, or digest B
might be recovered before digest A is generated. Also, message pre-processing could be
halted at step 1360 if the digital signature is not verified. Other variations of the method in
Figs. 13 and 14 will be apparent to those skilled in the art and as such are considered to be
within the scope of the invention as described and claimed herein.
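The decision order of Figs. 13 and 14, as an added worked example that is not part of the patent's own description: a Python model in which the wireless connector pre-processes one received message for one mobile device user and returns what would be sent to the device (body, signature indication, encryption indication). It assumes constructed stand-ins, namely textbook RSA on Mersenne primes (insecure, illustration only) for the sender's signature and the per-recipient session key wrapping, a SHA-256 keystream in place of the session-key cipher, and the device-side session key decryption of steps 1415 to 1440 collapsed into a local call; the message kinds and the step numbers in the comments are the patent's.

```python
"""Model of the Fig. 13/14 pre-processing flow (constructed example)."""
import hashlib
import os

E = 65537  # public exponent for the toy RSA keys below

def rsa_keypair(p, q):
    """Textbook RSA from two known primes: insecure, illustration only."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed keys: Mersenne primes, so no prime generation is needed.
SENDER = rsa_keypair(2**31 - 1, 2**61 - 1)
USER_A = rsa_keypair(2**89 - 1, 2**127 - 1)
USER_B = rsa_keypair(2**107 - 1, 2**19 - 1)

def stream(key, data):
    """Stand-in for the one-time session-key cipher: SHA-256 keystream XOR."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def attach_signature(priv, content):
    """S/MIME style: digest B and the RSA signature on it go in front."""
    d = hashlib.sha256(content).digest()
    s = pow(int.from_bytes(d, "big") % priv["n"], priv["d"], priv["n"])
    return d + s.to_bytes(32, "big") + content

def verify_signature(pub, signed):
    """Steps 1340-1370: digest A over the content, digest B taken from the
    signature component, signature on digest B checked with the sender's
    public key; both checks must pass for a "verified" indication."""
    digest_b, sig, content = signed[:32], signed[32:64], signed[64:]
    digest_a = hashlib.sha256(content).digest()
    expected = int.from_bytes(digest_b, "big") % pub["n"]
    sig_ok = pow(int.from_bytes(sig, "big"), pub["e"], pub["n"]) == expected
    return ("verified" if digest_a == digest_b and sig_ok else "failed"), content

def keys_bytes(recipient_info):
    """Canonical byte form of the RecipientInfo-like per-user wrapped keys."""
    return b"".join(recipient_info[u].to_bytes(32, "big") for u in sorted(recipient_info))

def build(kind, plaintext, recipients):
    """Sender side: plain, signed_only, encrypted_only, signed_then_encrypted
    or encrypted_then_signed; recipients maps user -> key dict (e, n used)."""
    if kind == "plain":
        return {"kind": kind, "body": plaintext}
    if kind == "signed_only":
        blob = attach_signature(SENDER, plaintext)
        return {"kind": kind, "sig": blob[:64], "body": blob[64:]}
    content = plaintext
    if kind == "signed_then_encrypted":
        content = attach_signature(SENDER, plaintext)      # signature inside
    key = os.urandom(8)                                    # one-time session key
    msg = {"kind": kind, "body": stream(key, content),
           "recipient_info": {u: pow(int.from_bytes(key, "big"), pub["e"], pub["n"])
                              for u, pub in recipients.items()}}
    if kind == "encrypted_then_signed":                    # signature outside,
        signed = msg["body"] + keys_bytes(msg["recipient_info"])  # keys included
        msg["sig"] = attach_signature(SENDER, signed)[:64]
    return msg

def device_unwrap(priv, wrapped):
    """Steps 1415-1440 collapsed: the device decrypts its wrapped session
    key with its private key and returns the key to the connector."""
    return pow(wrapped, priv["d"], priv["n"]).to_bytes(8, "big")

def preprocess(msg, user, user_priv):
    """Connector side: Fig. 13/14 order of operations for one device user."""
    if msg["kind"] == "plain":                                   # step 1305
        return {"body": msg["body"]}
    out = {"signature": None, "encrypted": False}
    if msg["kind"] in ("signed_only", "encrypted_then_signed"):  # step 1315
        signed = msg["sig"] + msg["body"] + keys_bytes(msg.get("recipient_info", {}))
        out["signature"], _ = verify_signature(SENDER, signed)   # 1340-1370
        if msg["kind"] == "signed_only":                         # 1375 -> 1390
            return {"body": msg["body"], **out}
    elif msg["kind"] not in ("encrypted_only", "signed_then_encrypted"):
        raise ValueError("format not handled")                   # 1320 -> 1325
    # Fig. 14: locate this user's wrapped key (1410), have the device
    # decrypt it (1415-1435) and decrypt the body (1440).
    key = device_unwrap(user_priv, msg["recipient_info"][user])
    plain, out["encrypted"] = stream(key, msg["body"]), True
    if msg["kind"] == "signed_then_encrypted":                   # 1445 -> 1450
        out["signature"], plain = verify_signature(SENDER, plain)
    return {"body": plain, **out}                                # 1395 / 1460 / 1465
```

Note that for a signed-then-encrypted message the signature is only reachable after the session key has been recovered, which is why the connector cannot rearrange or strip it beforehand, as the Fig. 8 discussion states.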

Fig. 15 is a flow chart of a method for post-processing signed or encrypted and then
signed messages sent from a mobile device. Similar to the message pre-processing
embodiments described above, a mobile device and host system operating with a wireless
connector system can be configured such that the host system post-processes messages sent
from the mobile device.

In Fig. 15, the method begins at step 1500 when a user composes a message on a
mobile device. When the mobile device is enabled for secure communications, the user may
select at step 1505 additional message security features, including in the example of Fig. 15
"signed last", i.e. encrypted and then signed, or "signed only" message security. This type of
message security could be provided for example by using S/MIME or some other possibly
proprietary secure messaging scheme.

A test is then performed at step 1510 to determine if the user has selected to encrypt
the message before signing. When the message is to be encrypted before signing, a session
key is generated at step 1515, the message is encrypted using the session key at step 1520,
and the session key is then encrypted at step 1525 using the public key of each intended
message receiver. These public keys are preferably stored in a memory on the mobile device,
but may instead be requested from an external source such as a PKS or like system if
required.

When the message has been encrypted, or the message is not to be encrypted, the
method continues at step 1530, and the message, as well as the encrypted versions of the
session key if the message was encrypted, is passed to a digest function and the user's private
key is used to generate a digital signature, at step 1530. Instead of attaching signature-related
information such as the sender's Cert, Cert chain and any CRLs to the message at the mobile
device for transfer to the wireless connector system at the host system over the air, the mobile
device preferably includes in the message sent to the host system a signature-related
information indication which is processed by the wireless connector system to determine
what if any signature-related information should be attached to the message. This allows a
mobile device to send signed messages through a host system while avoiding the transfer of
bulky signature-related information via wireless communication links. Therefore, at step
1535, the mobile device sends to the host system the original message (now possibly
encrypted), the digital signature, and the signature-related information indication, as well as
one or more encrypted session keys if the message was encrypted. All of this information
may be encoded, compressed and encrypted using a wireless-friendly method before it is sent
to the host system.

Post-processing of such a message at a host system begins at step 1540. The wireless
connector system operating at the host system extracts the signature-related information
indication from the message and determines what signature-related information should be
included with the message. The appropriate signature-related information identified in the
extracted signature-related information indication, including for example the sender's Cert, as
well as possibly chained Certs and CRLs, is attached to the message at step 1545. The
message, digital signature and attached signature-related information are then sent from the
host system to all receivers, at step 1550.

When a mobile device user composes a message and selects only message encryption
or signing and then encryption, post-processing of the resultant encrypted message may be
performed at the host system if the wireless connector system operating at the host system
has access to the session key used to encrypt the message. Otherwise, the host system is
unable to decrypt such a message and therefore cannot perform post-processing operations on
the message. In this case, a message composed on a mobile device, along with an attached
digital signature and any required Certs and CRLs, will be encrypted on the mobile device
using a session key, and the encrypted message and encrypted versions of the session key will
be sent from the mobile device to either the host system, for delivery to addressed receivers,
or directly to the addressed receivers. Any required Certs and CRLs must be attached to the
message on the mobile device, and encryption of the entire message and the session key must
be handled on the device.

However, if the session key could be transferred to the host system, then some of the
encryption and possibly other secure message processing operations could be performed by
the host system, as shown in Fig. 16, which is a flow chart of a method for post-processing
encrypted or signed and then encrypted messages sent from a mobile device. For example,
instead of encrypting the session key using the public key of each addressed receiver, the
session key could be encrypted with the public key associated with the host system or the
mobile device user's desktop computer system at the host system location. Provided that the
wireless connector system has access to the corresponding private key of the host system or
user, the session key can then be decrypted at the host system. Similarly, if a wireless-
friendly security scheme is implemented for communications between the mobile device and
the wireless connector system operating at the host system, then the session key could be
encrypted by the mobile device according to this scheme and then decrypted by the host
system. This potentially allows the host system, instead of the mobile device, to perform
several operations that must otherwise be performed by the mobile device.

Referring now in detail to Fig. 16, a user composes a message on a mobile device at step 1600 and selects either encryption-only or encryption-after-signing (encrypted last) message security at step 1605. At step 1610, it is determined whether or not the user selected to have the message signed and then encrypted. If so, then a digest and digital signature are generated at step 1615, and signature-related information such as the user's Cert, Cert chain and any required CRLs are attached to the message at step 1620. When signing is complete, or if the message is to be encrypted without first being signed, the method proceeds at step 1625, where the device generates a session key to be used in encrypting the message. The message, along with the attached digital signature and signature-related information if the message was signed, is then encrypted using the session key at step 1630. Then, at step 1635, the session key is encrypted using either a public key associated with a private key available to the wireless connector system operating at the host system, a wireless-friendly security method, or possibly both, and the encrypted message and encrypted session key are sent to the host system. Where a wireless-friendly security scheme exists, it should be apparent that the encrypted message might be double-encrypted for transfer to the host system. Encoding, compression and message enveloping techniques may also be applied to the message and session key for transfer to the host system.

When the message and encrypted session key are received at the host system, any encoding, compression, encryption and enveloping that may have been applied for data transfer between the mobile device and the host system are reversed by the wireless connector system. Where the session key was further encrypted by the device, using a public key for example, it is then decrypted by the wireless connector system at step 1640 using the corresponding private key. The wireless connector system, using the decrypted session key, can then re-encrypt the session key using the public key of each addressed receiver, at step 1645, and attach the encrypted session keys to the message before forwarding the message for delivery to the addressed receivers, as indicated at step 1650. Encryption of the session key for each receiver is thereby offloaded from the mobile device to the host system. Note that this basic form needs only the session key at the host, not the message plaintext: re-wrapping the key for each receiver leaves the encrypted message body untouched.

Although not shown in Fig. 16, this method can be extended to provide for more post-processing of an encrypted message at the host system. Since the wireless connector system at the host system has the session key, the message itself may be decrypted. Therefore, the device need not necessarily attach signature-related information (its Cert, a Cert chain or any CRLs) to the message before encryption. Instead, as described above in conjunction with Fig. 15, a signature-related information indication could be attached to the message. The wireless connector system, using the session key, can decrypt the message, process the signature-related information indication and then attach any required signature-related information. Once this information is attached, the wireless connector system can then re-encrypt the message using the session key and encrypt the session key for each addressed receiver. According to this method, typically bulky signature-related information is added to the message by the host system, such that encryption of this information by the device, as well as transfer of the information over the air, is avoided.
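The following Go program is an added illustration of the Fig. 16 flow and of the extension just described; it is example code written for this edit, not code from the patent or from any product it describes. It models the three parties: the device wraps the session key for the host only; the host unwraps it, decrypts, replaces a signature-related information indication with the Cert/CRL bytes it names, re-encrypts, and wraps the key for each addressed receiver; each receiver unwraps with its own private key and reads the body. AES-256-GCM for the body, RSA-OAEP for key wrapping, the `sig-info:<user>` indication format, the `certStore` lookup and all party names are assumptions made here; a real deployment would carry the same roles in S/MIME's CMS enveloped-data structures.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is this example's constructed wire format: the body under a per-message
// session key (AES-256-GCM, an assumption; the document fixes no cipher) plus that
// key wrapped with RSA-OAEP (also an assumption) per key holder, indexed by name.
type Envelope struct {
	Nonce, Ciphertext []byte
	WrappedKey        map[string][]byte
}

// certStore stands in for the host's Cert/CRL lookup (placeholder bytes, not real certs).
var certStore = map[string][]byte{
	"sig-info:alice": []byte("\n-- CERT CHAIN AND CRL FOR alice (placeholder) --"),
}

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// seal encrypts pt under key with a fresh random nonce; returns (nonce, ciphertext).
func seal(key, pt []byte) ([]byte, []byte, error) {
	gcm, err := aead(key)
	if err != nil { return nil, nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, nil, err }
	return nonce, gcm.Seal(nil, nonce, pt, nil), nil
}

func open(key, nonce, ct []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil { return nil, err }
	return gcm.Open(nil, nonce, ct, nil)
}

// DeviceEncrypt is the device side (Fig. 16, steps 1625-1635): generate the session key,
// encrypt indication+body, and wrap the key for the host only, never per receiver.
func DeviceEncrypt(body []byte, indication string, hostPub *rsa.PublicKey) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil { return nil, err }
	nonce, ct, err := seal(key, append([]byte(indication+"\n"), body...))
	if err != nil { return nil, err }
	wk, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, hostPub, key, nil)
	if err != nil { return nil, err }
	return &Envelope{Nonce: nonce, Ciphertext: ct, WrappedKey: map[string][]byte{"host": wk}}, nil
}

// HostPostProcess is the host side (steps 1640-1650 plus the extension in the text):
// unwrap the session key, decrypt, replace the indication with the Cert/CRL data it
// names, re-encrypt under the same key with a new nonce, then wrap the key for each
// addressed receiver. The host-only wrapping is not forwarded.
func HostPostProcess(env *Envelope, hostPriv *rsa.PrivateKey, receivers map[string]*rsa.PublicKey) (*Envelope, error) {
	wk, ok := env.WrappedKey["host"]
	if !ok { return nil, errors.New("session key not wrapped for host: cannot post-process") }
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, hostPriv, wk, nil)
	if err != nil { return nil, err }
	pt, err := open(key, env.Nonce, env.Ciphertext)
	if err != nil { return nil, err }
	i := bytes.IndexByte(pt, '\n')
	if i < 0 { return nil, errors.New("malformed plaintext: no indication line") }
	sigInfo, ok := certStore[string(pt[:i])]
	if !ok { return nil, fmt.Errorf("unknown indication %q", pt[:i]) }
	nonce, ct, err := seal(key, append(append([]byte{}, pt[i+1:]...), sigInfo...))
	if err != nil { return nil, err }
	out := &Envelope{Nonce: nonce, Ciphertext: ct, WrappedKey: map[string][]byte{}}
	for name, pub := range receivers {
		if out.WrappedKey[name], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil { return nil, err }
	}
	return out, nil
}

// ReceiverDecrypt unwraps with the receiver's own private key and opens the body.
func ReceiverDecrypt(env *Envelope, name string, priv *rsa.PrivateKey) ([]byte, error) {
	wk, ok := env.WrappedKey[name]
	if !ok { return nil, fmt.Errorf("no session key for %s", name) }
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wk, nil)
	if err != nil { return nil, err }
	return open(key, env.Nonce, env.Ciphertext)
}

func main() {
	host, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := DeviceEncrypt([]byte("numbers attached"), "sig-info:alice", &host.PublicKey)
	out, _ := HostPostProcess(env, host, map[string]*rsa.PublicKey{"bob": &bob.PublicKey})
	pt, err := ReceiverDecrypt(out, "bob", bob)
	fmt.Printf("%q %v\n", pt, err)
}
```

Two points worth noticing when running it: the host necessarily sees the plaintext in the extended form (it has to, to act on the indication), which is the trust relationship the document spells out further below; and reusing the session key for the host's re-encryption is acceptable here only because GCM gets a fresh random nonce each time and the key is used exactly twice. A receiver that was not addressed, a receiver using the wrong private key, an envelope whose key was never wrapped for the host, and an indication the host cannot resolve all fail with an error rather than a panic.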

If a strong wireless-friendly security scheme is in place between the mobile device and the host system, then the message and session key, as well as the digital signature and any signature-related information indication, could be encrypted according to this security scheme and sent to the host system. The host system could then attach the required signature-related information identified in the signature-related information indication to the message, encrypt the message, digital signature and signature-related information using the session key, and then encrypt the session key for the addressed receivers. In this case, the session key could possibly be generated by the host system instead of the mobile device, further reducing the amount of data sent from the mobile device. The mobile device then need only use the wireless-friendly security scheme to enable secure messaging via such techniques as S/MIME and PGP. Message post-processing moves the bulk of data processing operations from the mobile device to the more powerful host system.

Where the host system also has access to the mobile device user's signature key, the post-processing concept can be expanded even further to encompass signing of a secure message. A mobile device could then transfer to the host system a message, an indication that the message should be signed, a signature-related information indication if applicable, an indication that the message should be encrypted, and either a session key or an indication that the host system should choose the session key. The host system can then handle all encryption and signature operations on behalf of the mobile device.

Although these techniques reduce both the amount of data that must be transferred from the mobile device and the complexity of device-based processing operations required for secure messaging, encryption at the host system using the session key, as well as signature generation at the host system, assume either a secure transport between the mobile device and the host system or that the host system has access to a user's private keys. In either case the host system becomes a trusted party: it can read the plaintext of any message it post-processes and, where it holds the user's signature key, can produce signatures in the user's name, so it must be protected accordingly.

Turning now to Fig. 17, a block diagram of an exemplary wireless communication device that could be used with the systems and methods described herein is shown. The mobile communication device 100 is preferably a two-way communication device having voice and/or data communication capabilities. The device preferably has the capability to communicate with other computer systems on the Internet. Depending on the functionality provided by the device, the device may be referred to as a data messaging device, a two-way pager, a cellular telephone with data messaging capabilities, a wireless Internet appliance or a data communication device (with or without telephony capabilities). As mentioned above, such devices are referred to generally herein simply as mobile devices.

The dual-mode device 100 includes a transceiver 1711, a microprocessor 1738, a display 1722, Flash memory 1724, RAM 1726, auxiliary input/output (I/O) devices 1728, a serial port 1730, a keyboard 1732, a speaker 1734, a microphone 1736, a short-range wireless communications sub-system 1740, and may also include other device sub-systems 1742. The transceiver 1711 preferably includes transmit and receive antennas 1716, 1718, a receiver (Rx) 1712, a transmitter (Tx) 1714, one or more local oscillators (LOs) 1713, and a digital signal processor (DSP) 1720. Within the Flash memory 1724, the device 100 preferably includes a plurality of software modules 1724A-1724N that can be executed by the microprocessor 1738 (and/or the DSP 1720), including a voice communication module 1724A, a data communication module 1724B, and a plurality of other operational modules 1724N for carrying out a plurality of other functions.

The mobile communication device 100 is preferably a two-way communication device having voice and data communication capabilities. Thus, for example, the device may communicate over a voice network, such as any of the analog or digital cellular networks, and may also communicate over a data network. The voice and data networks are depicted in Fig. 17 by the communication tower 1719. These voice and data networks may be separate communication networks using separate infrastructure, such as base stations, network controllers, etc., or they may be integrated into a single wireless network. References to the network 1719 should therefore be interpreted as encompassing both a single voice and data network or separate networks.

The communication subsystem 1711 is used to communicate with the network 1719. The DSP 1720 is used to send and receive communication signals to and from the transmitter 1714 and receiver 1712, and may also exchange control information with the transmitter 1714 and receiver 1712. If the voice and data communications occur at a single frequency, or closely-spaced set of frequencies, then a single LO 1713 may be used in conjunction with the transmitter 1714 and receiver 1712. Alternatively, if different frequencies are utilized for voice communications versus data communications, then a plurality of LOs 1713 can be used to generate a plurality of frequencies corresponding to the network 1719. Although two antennas 1716, 1718 are depicted in Fig. 17, the mobile device 100 could be used with a single antenna structure. Information, which includes both voice and data information, is communicated to and from the communication module 1711 via a link between the DSP 1720 and the microprocessor 1738.

The detailed design of the communication subsystem 1711, such as frequency band, component selection, power level, etc., will be dependent upon the communication network 1719 in which the device 100 is intended to operate. For example, a device 100 intended to operate in a North American market may include a communication subsystem 1711 designed to operate with the Mobitex or DataTAC mobile data communication networks and also designed to operate with any of a variety of voice communication networks, such as AMPS, TDMA, CDMA, PCS, etc., whereas a device 100 intended for use in Europe may be configured to operate with the GPRS data communication network and the GSM voice communication network. Other types of data and voice networks, both separate and integrated, may also be utilized with the mobile device 100.

Depending upon the type of network 1719, the access requirements for the dual-mode mobile device 100 may also vary. For example, in the Mobitex and DataTAC data networks, mobile devices are registered on the network using a unique identification number associated with each device. In GPRS data networks, however, network access is associated with a subscriber or user of a device 100. A GPRS device typically requires a subscriber identity module ("SIM"), which is required in order to operate the device 100 on a GPRS network. Local or non-network communication functions (if any) may be operable without the SIM, but the device 100 will be unable to carry out any functions involving communications over the network 1719, other than any legally required operations, such as "911" emergency calling.

After any required network registration or activation procedures have been completed, the dual-mode device 100 may send and receive communication signals, preferably including both voice and data signals, over the network 1719. Signals received by the antenna 1716 from the communication network 1719 are routed to the receiver 1712, which provides for signal amplification, frequency down-conversion, filtering, channel selection, etc., and may also provide analog-to-digital conversion. Analog-to-digital conversion of the received signal allows more complex communication functions, such as digital demodulation and decoding, to be performed using the DSP 1720. In a similar manner, signals to be transmitted to the network 1719 are processed, including modulation and encoding, for example, by the DSP 1720 and are then provided to the transmitter 1714 for digital-to-analog conversion, frequency up-conversion, filtering, amplification and transmission to the communication network 1719 via the antenna 1718. Although a single transceiver 1711 is shown in Fig. 17 for both voice and data communication, it is possible that the device 100 may include two distinct transceivers, a first transceiver for transmitting and receiving voice signals, and a second transceiver for transmitting and receiving data signals.

In addition to processing the communication signals, the DSP 1720 may also provide for receiver and transmitter control. For example, the gain levels applied to communication signals in the receiver 1712 and transmitter 1714 may be adaptively controlled through automatic gain control algorithms implemented in the DSP 1720. Other transceiver control algorithms could also be implemented in the DSP 1720 in order to provide more sophisticated control of the transceiver 1711.
The microprocessor 1738 preferably manages and controls the overall operation of the dual-mode mobile device 100. Many types of microprocessors or microcontrollers could be used here, or, alternatively, a single DSP 1720 could be used to carry out the functions of the microprocessor 1738. Low-level communication functions, including at least data and voice communications, are performed through the DSP 1720 in the transceiver 1711. Other, high-level communication applications, such as a voice communication application 1724A and a data communication application 1724B, may be stored in the Flash memory 1724 for execution by the microprocessor 1738. For example, the voice communication module 1724A may provide a high-level user interface operable to transmit and receive voice calls between the dual-mode mobile device 100 and a plurality of other voice devices via the network 1719. Similarly, the data communication module 1724B may provide a high-level user interface operable for sending and receiving data, such as e-mail messages, files, organizer information, short text messages, etc., between the dual-mode mobile device 100 and a plurality of other data devices via the network 1719. On the device 100, a secure messaging software application may operate in conjunction with the data communication module 1724B in order to implement the secure messaging techniques described above.

The microprocessor 1738 also interacts with other device subsystems, such as the display 1722, Flash memory 1724, random access memory (RAM) 1726, auxiliary input/output (I/O) subsystems 1728, serial port 1730, keyboard 1732, speaker 1734, microphone 1736, a short-range communications subsystem 1740 and any other device subsystems generally designated as 1742. For example, the modules 1724A-N are executed by the microprocessor 1738 and may provide a high-level interface between a user of the mobile device and the mobile device. This interface typically includes a graphical component provided through the display 1722, and an input/output component provided through the auxiliary I/O 1728, keyboard 1732, speaker 1734, or microphone 1736.




CA 02450601 2003-12-12
WO 02/101605 PCT/CA02/00889

Some of the subsystems shown in Fig. 17 perform communication-related functions, whereas other subsystems may provide "resident" or on-device functions. Notably, some subsystems, such as keyboard 1732 and display 1722, may be used for both communication-related functions, such as entering a text message for transmission over a data communication network, and device-resident functions such as a calculator or task list or other PDA-type functions.

Operating system software used by the microprocessor 1738 is preferably stored in a persistent store such as Flash memory 1724. In addition to the operating system and communication modules 1724A-N, the Flash memory 1724 may also include a file system for storing data. A storage area is also preferably provided in the Flash memory 1724 to store public keys, a private key, and other information required for secure messaging. The operating system, specific device applications or modules, or parts thereof, may be temporarily loaded into a volatile store, such as RAM 1726, for faster operation. Moreover, received communication signals may also be temporarily stored to RAM 1726 before permanently writing them to a file system located in the persistent store 1724.

An exemplary application module 1724N that may be loaded onto the dual-mode device 100 is a personal information manager (PIM) application providing PDA functionality, such as calendar events, appointments, and task items. This module 1724N may also interact with the voice communication module 1724A for managing phone calls, voice mails, etc., and may also interact with the data communication module 1724B for managing e-mail communications and other data transmissions. Alternatively, all of the functionality of the voice communication module 1724A and the data communication module 1724B may be integrated into the PIM module.

The Flash memory 1724 preferably provides a file system to facilitate storage of PIM data items on the device. The PIM application preferably includes the ability to send and receive data items, either by itself or in conjunction with the voice and data communication modules 1724A, 1724B, via the wireless network 1719. The PIM data items are preferably seamlessly integrated, synchronized and updated, via the wireless network 1719, with a corresponding set of data items stored on or associated with a host computer system, thereby creating a mirrored system for data items associated with a particular user.

The mobile device 100 may also be manually synchronized with a host system by placing the device 100 in an interface cradle, which couples the serial port 1730 of the mobile device 100 to the serial port of the host system. The serial port 1730 may also be used to enable a user to set preferences through an external device or software application, to download other application modules 1724N for installation, and to load Certs, keys and other information onto a device as described above. This wired download path may be used to load an encryption key onto the device, which is a more secure method than exchanging encryption information via the wireless network 1719, since the key never traverses the air interface.

Additional application modules 1724N may be loaded onto the dual-mode device 100 through the network 1719, through an auxiliary I/O subsystem 1728, through the serial port 1730, through the short-range communications subsystem 1740, or through any other suitable subsystem 1742, and installed by a user in the Flash memory 1724 or RAM 1726. Such flexibility in application installation increases the functionality of the device 100 and may provide enhanced on-device functions, communication-related functions, or both. For example, secure communication applications may enable electronic commerce functions and other such financial transactions to be performed using the device 100.

When the dual-mode device 100 is operating in a data communication mode, a received signal, such as a text message or a web page download, will be processed by the transceiver 1711 and provided to the microprocessor 1738, which will preferably further process the received signal for output to the display 1722, or, alternatively, to an auxiliary I/O device 1728. A user of dual-mode device 100 may also compose data items, such as e-mail messages, using the keyboard 1732, which is preferably a complete alphanumeric keyboard laid out in the QWERTY style, although other styles of complete alphanumeric keyboards such as the known DVORAK style may also be used. User input to the device 100 is further enhanced with a plurality of auxiliary I/O devices 1728, which may include a thumbwheel input device, a touchpad, a variety of switches, a rocker input switch, etc. The composed data items input by the user may then be transmitted over the communication network 1719 via the transceiver 1711. Secure messages received by and to be transmitted from the mobile device 100 are processed by the data communication module 1724B or an associated secure messaging software application according to the techniques described above.

When the dual-mode device 100 is operating in a voice communication mode, the overall operation of the device 100 is substantially similar to the data mode, except that received signals are preferably output to the speaker 1734 and voice signals for transmission are generated by a microphone 1736. In addition, the secure messaging techniques described above might not necessarily be applied to voice communications. Alternative voice or audio I/O subsystems, such as a voice message recording subsystem, may also be implemented on the device 100. Although voice or audio signal output is preferably accomplished primarily through the speaker 1734, the display 1722 may also be used to provide an indication of the identity of a calling party, the duration of a voice call, or other voice call related information. For example, the microprocessor 1738, in conjunction with the voice communication module 1724A and the operating system software, may detect the caller identification information of an incoming voice call and display it on the display 1722.

A short-range communications subsystem 1740 may also be included in the dual-mode device 100. For example, the subsystem 1740 may include an infrared device and associated circuits and components, or a short-range wireless communication module, such as a "Bluetooth" module or an 802.11 module according to the Bluetooth or 802.11 specifications, respectively, to provide for communication with similarly-enabled systems and devices. It will be apparent to those skilled in the art that "Bluetooth" and 802.11 refer to sets of specifications for wireless personal area networks and wireless LANs, respectively; the 802.11 specifications are published by the Institute of Electrical and Electronics Engineers (IEEE), and the Bluetooth specification is published by the Bluetooth SIG (its lower layers were also adopted by the IEEE as 802.15.1).

Having described in detail the preferred embodiments of the system, including the preferred methods of operation, it is to be understood that this operation could be carried out with different elements and steps. This preferred embodiment is presented only by way of example and is not meant to limit the scope of the present invention. For example, Figs. 18 and 19 illustrate pre-processing and post-processing of messages involving wireless mobile communications devices.

Fig. 18 depicts a pre-processing example wherein a host system 1806 receives a message 1804 from a message sender 1802 addressed to one or more message receivers. A wireless connector system 1810 generates a message 1812 for a mobile device 1814 that corresponds to a message receiver. The wireless connector system 1810 performs authentication and/or encryption message processing 1808 upon the sender's message 1804. Many types of processing may be performed, such as reducing the size of a sender's encrypted message by excluding some or all of the session keys not needed by the mobile device corresponding to a message receiver (that is, the copies of the session key encrypted for other recipients). Through processing 1808, the message 1812 transmitted to the mobile device 1814 is a modification of the sender's message 1804 with respect to authentication and/or encryption aspect(s). The mobile device 1814 contains memory for storing such pre-processed messages, such as volatile or non-volatile RAM (random access memory).

The sender's message 1804 is similarly processed if other mobile devices are identified by the wireless connector system 1810 as corresponding to the recipients that should receive the sender's message 1804. In this way, messages (e.g., 1816) modified with respect to authentication and/or encryption aspect(s) (e.g., encoding aspects) are sent to other mobile devices (e.g., 1818).

It should be understood that such a system may be varied in many ways, such as allowing the processing 1808 to be performed by the host system 1806, or having the wireless connector system 1810 operate within the host system 1806 or operate on a different platform from the host system 1806. As a further example of the wide scope of the system's variations, the wireless connector system 1810 may use techniques other than redirection operations to transmit messages to mobile devices (e.g., 1814 and 1818).

Fig. 19 depicts a post-processing example wherein a wireless connector system 1906 receives a message 1904 addressed to one or more message receivers (e.g., 1914 and 1918) from a wireless mobile communication device 1902. Authentication and/or encryption message processing 1908 is performed upon the message 1904. Many types of processing may be performed, such as removing the signature-related information indication from a device's signed message and attaching the signature-related information identified in that indication to the signed message. The processed message 1912 may then be sent through the host system 1910 to one or more receivers (e.g., 1914 and 1918).

Such pre-processing and post-processing systems as described herein address many issues, such as the difficulty that current systems do not attempt to deliver entire S/MIME messages to a mobile device, due primarily to bandwidth and battery limitations associated with mobile devices. One difficulty is that S/MIME messages are usually too large to send effectively to a mobile device over a wireless communication network. If an entire S/MIME message is sent, either to or from a mobile device, it could use excessive amounts of memory and battery power just for a single message. Considering the time necessary for reception or transmission by a mobile device, the memory required for storage and the battery power required to handle the message exchange, a product that tried to support straight S/MIME would have undesirable qualities to the average business user. Another exemplary issue is that there are no currently available public key servers accessible to wireless networks and mobile devices. As a result, the use of public key cryptographic operations is very difficult and requires heavy caching operations at the mobile device to eliminate Public Key Infrastructure (PKI) requirements. In the area of exchanging secure e-mail messages, there are additional problems that include (1) the inability for mobile devices to retrieve public encryption keys from PKIs to encrypt messages being sent from the mobile device, (2) the inability to retrieve public keys for received messages that are signed, (3) the inability to deal with very large CRLs on small devices, and (4) the time delay on mobile devices with slower processors to perform the complex mathematical calculations involved in public key encryption algorithms. These problems and others result in a poor and frustrating user experience when trying to exchange S/MIME-based e-mail messages using mobile devices.

The pre-processing and post-processing system and method described herein process secure e-mail messages so that such messages, including for example S/MIME messages, can be exchanged with mobile devices. The system and method also leverage the processor power of a host system associated with a mobile device to enable a better user experience when exchanging S/MIME messages with mobile devices.

Still further examples of the wide scope of the system and method disclosed herein are illustrated in Figs. 20-22, which describe additional uses of the system and method within different exemplary communication systems. Fig. 20 is a block diagram showing an example communication system. In Fig. 20, there is shown a computer system 2002, a WAN 2004, a corporate LAN 2006 behind a security firewall 2008, wireless infrastructure 2010, wireless networks 2012 and 2014, and wireless mobile communication devices ("mobile devices") 2016 and 2018. The corporate LAN 2006 includes a message server 2020, a wireless connector system 2028, a data store 2017 including at least a plurality of mailboxes 2019, a desktop computer system 2022 having a communication link directly to a mobile device such as through physical connection 2024 to an interface or connector 2026, and a wireless Virtual Private Network (VPN) router 2032. Operation of the system in Fig. 20 will be described below with reference to the messages 2033, 2034 and 2036.

The computer system 2002 may, for example, be a laptop, desktop or palmtop computer system configured for connection to the WAN 2004. Such a computer system may connect to the WAN 2004 via an ISP or ASP. Alternatively, the computer system 2002 may be a network-connected computer system that, like the computer system 2022 for example, accesses the WAN 2004 through a LAN or other network. Many modern mobile devices are enabled for connection to a WAN through various infrastructure and gateway arrangements, so that the computer system 2002 may also be a mobile device.

The corporate LAN 2006 is an illustrative example of a central, server-based messaging system that has been enabled for wireless communications. The corporate LAN 2006 may be referred to as a "host system", in that it hosts both a data store 2017 with mailboxes 2019 for messages, as well as possibly further data stores (not shown) for other data items that may be sent to or received from mobile devices 2016 and 2018, and the wireless connector system 2028, the wireless VPN router 2032, or possibly other components enabling communications between the corporate LAN 2006 and one or more mobile devices 2016 and 2018. In more general terms, a host system may be one or more computers at, with or in association with which a wireless connector system is operating, as described above. The corporate LAN 2006 is one preferred embodiment of a host system, in which the host system is a server computer running within a corporate network environment operating behind and protected by at least one security communications firewall 2008. Other possible central host systems include ISP, ASP and other service provider or mail systems. Although the desktop computer system 2022 and interface/connector 2026 may be located outside such host systems, wireless communication operations may be similar to those described below.

The corporate LAN 2006 implements the wireless connector system 2028 as an associated wireless communications enabling component, which will normally be a software program, a software application, or a software component built to work with at least one or more message servers. The wireless connector system 2028 is used to send user-selected information to, and to receive information from, one or more mobile devices 2016 and 2018, via one or more wireless networks 2012 and 2014. The wireless connector system 2028 may be a separate component of a messaging system, as shown in Fig. 20, or may instead be partially or entirely incorporated into other communication system components. For example, the message server 2020 may incorporate a software program, application, or component implementing the wireless connector system 2028, portions thereof, or some or all of its functionality.

The message server 2020, running on a computer behind the firewall 2008, acts as the main
interface for the corporation to exchange messages, including for example email, calendaring
data, voice mail, electronic documents, and other personal information management (PIM) data
with the WAN 2004, which will typically be the Internet. The particular intermediate
operations and computers will be dependent upon the specific type of message delivery
mechanisms and networks via which messages are exchanged, and therefore have not been shown
in Fig. 20. The functionality of the message server 2020 may extend beyond message sending
and receiving, providing such features as dynamic database storage for data like calendars,
todo lists, task lists, e-mail and documentation.

Message servers such as 2020 normally maintain a plurality of mailboxes 2019 in one or more
data stores such as 2017 for each user having an account on the server. The data store 2017
includes mailboxes 2019 for a number of ("n") user accounts. Messages received by the message
server 2020 that identify a user, a user account, a mailbox, or possibly another address
associated with a user, account or mailbox 2019 as a message recipient will typically be
stored in the corresponding mailbox 2019. If a message is addressed to multiple recipients or
a distribution list, then copies of the same message may be stored to more than one mailbox
2019. Alternatively, the message server 2020 may store a single copy of such a message in a
data store accessible to all of the users having an account on the message server, and store
a pointer or other identifier in each recipient's mailbox 2019. In typical messaging systems,
each user may then access his or her mailbox 2019 and its contents using a messaging client
such as Microsoft Outlook or Lotus Notes, which normally operates on a PC, such as the
desktop computer system 2022, connected in the LAN 2006. Although only one desktop computer
system 2022 is shown in Fig. 20, those skilled in the art will appreciate that a LAN will
typically contain many desktop, notebook and laptop computer systems. Each messaging client
normally accesses a mailbox 2019 through the message server 2020, although in some systems, a
messaging client may enable direct access to the data store 2017 and a mailbox 2019 stored
thereon by the desktop computer system 2022. Messages may also be downloaded from the data
store 2017 to a local data store (not shown) on the desktop computer system 2022.

Within the corporate LAN 2006, the wireless connector system 2028 operates in conjunction
with the message server 2020. The wireless connector system 2028 may reside on the same
computer system as the message server 2020, or may instead be implemented on a different
computer system. Software implementing the wireless connector system 2028 may also be
partially or entirely integrated with the message server 2020. The wireless connector system
2028 and the message server 2020 are preferably designed to cooperate and interact to allow
the pushing of information to mobile devices 2016, 2018. In such an installation, the
wireless connector system 2028 is preferably configured to send information that is stored in
one or more data stores associated with the corporate LAN 2006 to one or more mobile devices
2016, 2018, through the corporate firewall 2008 and via the WAN 2004 and one of the wireless
networks 2012, 2014. For example, a user that has an account and associated mailbox 2019 in
the data store 2017 may also have a mobile device, such as 2016. As described above, messages
received by the message server 2020 that identify a user, account or mailbox 2019 are stored
to a corresponding mailbox 2019 by the message server 2020. If a user has a mobile device,
such as 2016, messages received by the message server 2020 and stored to the user's mailbox
2019 are preferably detected by the wireless connector system 2028 and sent to the user's
mobile device 2016. This type of functionality represents a "push" message sending
technique. The wireless connector system 2028 may instead employ a "pull" technique, in
which items stored in a mailbox 2019 are sent to a mobile device 2016, 2018 responsive to a
request or access operation made using the mobile device, or some combination of both
techniques.

The use of a wireless connector 2028 thereby enables a messaging system including a message
server 2020 to be extended so that each user's mobile device 2016, 2018 has access to stored
messages of the message server 2020.

As shown in Fig. 20, and similar to the system of Fig. 1, there are several paths for
exchanging information with a mobile device 2016, 2018 from the corporate LAN 2006. One
possible information transfer path is through the physical connection 2024 such as a serial
port, using an interface or connector 2026. This path may be useful for example for transfer
of bulky PIM and signature-related information, data synchronization, and private encryption
or signature key transfers, as described above. In known "synchronization" type wireless
messaging systems, a physical path has also been used to transfer messages from mailboxes
2019 associated with a message server 2020 to mobile devices 2016 and 2018.
Another method for data exchange with a mobile device 2016, 2018 is over-the-air, through
the wireless connector system 2028 and using wireless networks 2012, 2014. As shown in Fig.
20, this could involve a Wireless VPN router 2032 or a traditional WAN connection to wireless
infrastructure 2010 that provides an interface to one or more wireless networks 2012, 2014.
The Wireless VPN router 2032 provides for creation of a VPN connection directly through a
specific wireless network 2012 to a wireless device 2016. A primary advantage of using a
wireless VPN router 2032 is that it could be an off-the-shelf VPN component which would not
require wireless infrastructure 2010. A VPN connection may use a Transmission Control
Protocol over IP (TCP/IP) or User Datagram Protocol over IP (UDP/IP) connection to deliver
messages directly to and from a mobile device 2016.

If a wireless VPN router 2032 is not available, then a link to a WAN 2004, normally the
Internet, is a commonly used connection mechanism that may be employed by the wireless
connector system 2028. To handle the addressing of the mobile device 2016 and any other
required interface functions, wireless infrastructure 2010 is preferably used.

In some implementations, more than one over-the-air information exchange mechanism may be
provided in the corporate LAN 2006. In the exemplary communication system of Fig. 20 for
example, mobile devices 2016, 2018 associated with users having mailboxes 2019 associated
with user accounts on the message server 2020 are configured to operate on different wireless
networks 2012 and 2014. If the wireless network 2012 supports IPv6 addressing, then the
wireless VPN router 2032 may be used by the wireless connector system 2028 to exchange data
with any mobile device 2016 operating within the wireless network 2012. The wireless network
2014 may be a different type of wireless network, however, such as the Mobitex network, in
which case information may instead be exchanged with a mobile device 2018 operating within
the wireless network 2014 by the wireless connector system 2028 via a connection to the WAN
2004 and the wireless infrastructure 2010.

Operation of the system in Fig. 20 is similar to that of Fig. 1, described above. An e-mail
message 2033 is sent from the computer system 2002 and addressed to at least one recipient
having both an account and mailbox 2019 or like data store associated with the message server
2020 and a mobile device 2016 or 2018. However, the e-mail message 2033 is intended for
illustrative purposes only. The exchange of other types of information between the corporate
LAN 2006 and the mobile devices 2016, 2018 is preferably also enabled by the wireless
connector system 2028.

The e-mail message 2033, sent from the computer system 2002 via the WAN 2004, may be fully
in the clear, or signed with a digital signature and/or encrypted, depending upon the
particular messaging scheme used. For example, if the computer system 2002 is enabled for
secure messaging using S/MIME, then the e-mail message 2033 may be signed, encrypted, or
both.

The e-mail message 2033 arrives at the message server 2020, which determines into which
mailboxes 2019 the e-mail message 2033 should be stored. As described above, a message such
as the e-mail message 2033 may include a user name, a user account, a mailbox identifier, or
other type of identifier that may be mapped to a particular account or associated mailbox
2019 by the message server 2020. For an e-mail message 2033, recipients are typically
identified using e-mail addresses corresponding to a user account and thus a mailbox 2019.

The wireless connector system 2028 sends or mirrors, via a wireless network 2012 or 2014,
certain user-selected data items or parts of data items from the corporate LAN 2006 to the
user's mobile device 2016 or 2018, preferably upon detecting that one or more triggering
events has occurred. A triggering event includes, but is not limited to, one or more of the
following: screen saver activation at a user's networked computer system 2022, disconnection
of the user's mobile device 2016 or 2018 from the interface 2026, or receipt of a command
sent from a mobile device 2016 or 2018 to the host system to start sending one or more
messages stored at the host system. Thus, the wireless connector system 2028 may detect
triggering events associated with the message server 2020, such as receipt of a command, or
with one or more networked computer systems 2022, including the screen saver and
disconnection events described above. When wireless access to corporate data for a mobile
device 2016 or 2018 has been activated at the LAN 2006, for example when the wireless
connector system 2028 detects the occurrence of a triggering event for a mobile device user,
data items selected by the user are preferably sent to the user's mobile device. In the
example of the e-mail message 2033, assuming that a triggering event has been detected, the
arrival of the message 2033 at the message server 2020 is detected by the wireless connector
system 2028. This may be accomplished, for example, by monitoring or querying mailboxes 2019
associated with the message server 2020, or, if the message server 2020 is a Microsoft
Exchange server, then the wireless connector system 2028 may register for advise syncs
provided by the Microsoft Messaging Application Programming Interface (MAPI) to thereby
receive notifications when a new message is stored to a mailbox 2019.

When a data item such as the e-mail message 2033 is to be sent to a mobile device 2016 or
2018, the wireless connector system 2028 preferably repackages the data item, as indicated at
2034 and 2036. Repackaging techniques may be similar for any available transfer paths or may
be dependent upon the particular transfer path, either the wireless infrastructure 2010 or
the wireless VPN router 2032. For example, the e-mail message 2033 is preferably compressed
and encrypted, either before or after being repackaged at 2034, to thereby effectively
provide for secure transfer to the mobile device 2018. Compression reduces the bandwidth
required to send the message, whereas encryption ensures confidentiality of any messages or
other information sent to mobile devices 2016 and 2018. In contrast, messages transferred via
a VPN router 2032 might only be compressed and not encrypted, since a VPN connection
established by the VPN router 2032 is inherently secure. Messages are thereby securely sent,
via either encryption at the wireless connector system 2028, which may be considered a
non-standard VPN tunnel or a VPN-like connection for example, or the VPN router 2032, to
mobile devices 2016 and 2018. Accessing messages using a mobile device 2016 or 2018 is thus
no less secure than accessing mailboxes at the LAN 2006 using the desktop computer system
2022.

When a repackaged message 2034 or 2036 arrives at a mobile device 2016 or 2018, via the
wireless infrastructure 2010, or via the wireless VPN router 2032, the mobile device 2016 or
2018 removes the outer electronic envelope from the repackaged message 2034 or 2036, and
performs any required decompression and decryption operations. Messages sent from a mobile
device 2016 or 2018 and addressed to one or more recipients are preferably similarly
repackaged, and possibly compressed and encrypted, and sent to a host system such as the LAN
2006. The host system may then remove the electronic envelope from the repackaged message,
decrypt and decompress the message if desired, and route the message to the addressed
recipients.

Fig. 21 is a block diagram of an alternative exemplary communication system, in which
wireless communications are enabled by a component associated with an operator of a wireless
network. As shown in Fig. 21, the system includes a computer system 2002, WAN 2004, a
corporate LAN 2007 located behind a security firewall 2008, network operator infrastructure
2040, a wireless network 2011, and mobile devices 2013 and 2015. The computer system 2002,
WAN 2004, security firewall 2008, message server 2020, data store 2017, mailboxes 2019, and
VPN router 2035 are substantially the same as the similarly-labelled components in Fig. 20.
However, since the VPN router 2035 communicates with the network operator infrastructure
2040, it need not necessarily be a wireless VPN router in the system of Fig. 21. The network
operator infrastructure 2040 enables wireless information exchange between the LAN 2007 and
mobile devices 2013, 2015, respectively associated with the computer systems 2042 and 2052
and configured to operate within the wireless network 2011. In the LAN 2007, a plurality of
desktop computer systems 2042, 2052 are shown, each having a physical connection 2046, 2056
to an interface or connector 2048, 2058. A wireless connector system 2044, 2054 is operating
on or in conjunction with each computer system 2042, 2052.

The wireless connector systems 2044, 2054 are similar to the wireless connector system 2028
described above, in that each enables data items, such as e-mail messages and other items
that are stored in mailboxes 2019, and possibly data items stored in a local or network data
store, to be sent from the LAN 2007 to one or more mobile devices 2013, 2015. In Fig. 21
however, the network operator infrastructure 2040 provides an interface between the mobile
devices 2013, 2015 and the LAN 2007. As above, operation of the system shown in Fig. 21 will
be described below in the context of an e-mail message as an illustrative example of a data
item that may be sent to a mobile device 2013, 2015.

When an e-mail message 2033, addressed to one or more recipients having an account on the
message server 2020, is received by the message server 2020, the message, or possibly a
pointer to a single copy of the message stored in a central mailbox or data store, is stored
into the mailbox 2019 of each such recipient. Once the e-mail message 2033 or pointer has
been stored to a mailbox 2019, it may preferably be accessed using a mobile device 2013 or
2015. In the example shown in Fig. 21, the e-mail message 2033 has been addressed to the
mailboxes 2019 associated with both desktop computer systems 2042 and 2052 and thus both
mobile devices 2013 and 2015.
As those skilled in the art will appreciate, communication network protocols commonly used
in wired networks such as the LAN 2007 and/or the WAN 2004 are not suitable or compatible
with wireless network communication protocols used within wireless networks such as 2011.
For example, communication bandwidth, protocol overhead and network latency, which are
primary concerns in wireless network communications, are less significant in wired networks,
which typically have much higher capacity and speed than wireless networks. Therefore, mobile
devices 2013 and 2015 cannot normally access the data store 2017 directly. The network
operator infrastructure 2040 provides a bridge between the wireless network 2011 and the LAN
2007.

The network operator infrastructure 2040 enables a mobile device 2013, 2015 to establish a
connection to the LAN 2007 through the WAN 2004, and may, for example, be operated by an
operator of the wireless network 2011 or a service provider that provides wireless
communication service for mobile devices 2013 and 2015. In a pull-based system, a mobile
device 2013, 2015 may establish a communication session with the network operator
infrastructure 2040 using a wireless network compatible communication scheme, preferably a
secure scheme such as Wireless Transport Layer Security (WTLS) when information should remain
confidential, and a wireless web browser such as a Wireless Application Protocol (WAP)
browser. A user may then request (through manual selection or pre-selected defaults in the
software residing in the mobile device) any or all information, or just new information for
example, stored in a mailbox 2019 in the data store 2017 at the LAN 2007. The network
operator infrastructure 2040 then establishes a connection or session with a wireless
connector system 2044, 2054, using Secure Hypertext Transfer Protocol (HTTPS) for example, if
no session has already been established. As above, a session between the network operator
infrastructure 2040 and a wireless connector system 2044, 2054 may be made via a typical WAN
connection or through the VPN router 2035 if available. When time delays between receiving a
request from a mobile device 2013, 2015 and delivering requested information back to the
device are to be minimized, the network operator infrastructure 2040 and the wireless
connector systems 2044, 2054 may be configured so that a communication connection remains
open once established.

In the system of Fig. 21, requests originating from mobile device A 2013 and B 2015 would be
sent to the wireless connector systems 2044 and 2054, respectively. Upon receiving a request
for information from the network operator infrastructure 2040, a wireless connector system
2044, 2054 retrieves requested information from a data store. For the e-mail message 2033,
the wireless connector system 2044, 2054 retrieves the e-mail message 2033 from the
appropriate mailbox 2019, typically through a messaging client operating in conjunction with
the computer system 2042, 2052, which may access a mailbox 2019 either via the message server
2020 or directly. Alternatively, a wireless connector system 2044, 2054 may be configured to
access mailboxes 2019 itself, directly or through the message server 2020. Also, other data
stores, both network data stores similar to the data store 2017 and local data stores
associated with each computer system 2042, 2052, may be accessible to a wireless connector
system 2044, 2054, and thus to a mobile device 2013, 2015.

If the e-mail message 2033 is addressed to the message server accounts or mailboxes 2019
associated with both computer systems 2042 and 2052 and devices 2013 and 2015, then the
e-mail message 2033 may be sent to the network operator infrastructure 2040 as shown at 2060
and 2062, which then sends a copy of the e-mail message to each mobile device 2013 and 2015,
as indicated at 2064 and 2066. Information may be transferred between the wireless connector
systems 2044, 2054 and the network operator infrastructure 2040 via either a connection to
the WAN 2004 or the VPN router 2035. When the network operator infrastructure 2040
communicates with the wireless connector systems 2044, 2054 and the mobile devices 2013, 2015
via different protocols, translation operations may be performed by the network operator
infrastructure 2040. Repackaging techniques may also be used between the wireless connector
systems 2044, 2054 and the network operator infrastructure 2040, and between each mobile
device 2013, 2015 and the network operator infrastructure 2040.

Messages or other information to be sent from a mobile device 2013, 2015 may be processed in
a similar manner, with such information first being transferred from a mobile device 2013,
2015 to the network operator infrastructure 2040. The network operator infrastructure 2040
may then send the information to a wireless connector system 2044, 2054 for storage in a
mailbox 2019 and delivery to any addressed recipients by the message server 2020 for
example, or may alternatively deliver the information to the addressed recipients.

The above description of the system in Fig. 21 relates to pull-based operations. The
wireless connector systems 2044, 2054 and the network operator infrastructure may instead be
configured to push data items to mobile devices 2013 and 2015. A combined push/pull system
is also possible. For example, a notification of a new message or a list of data items
currently stored in a data store at the LAN 2007 could be pushed to a mobile device 2013,
2015, which may then be used to request messages or data items from the LAN 2007 via the
network operator infrastructure 2040.

If mobile devices associated with user accounts on the LAN 2007 are configured to operate
within different wireless networks, then each wireless network may have an associated
wireless network infrastructure component similar to 2040.

Although separate, dedicated wireless connector systems 2044, 2054 are shown for each
computer system 2042, 2052 in the system of Fig. 21, one or more of the wireless connector
systems 2044, 2054 may preferably be configured to operate in conjunction with more than one
computer system 2042, 2052, or to access a data store or mailbox 2019 associated with more
than one computer system. For example, the wireless connector system 2044 may be granted
access to the mailboxes 2019 associated with both the computer system 2042 and the computer
system 2052. Requests for data items from either mobile device A 2013 or B 2015 may then be
processed by the wireless connector system 2044. This configuration may be useful to enable
wireless communications between the LAN 2007 and the mobile devices 2013 and 2015 without
requiring a desktop computer system 2042, 2052 to be running for each mobile device user. A
wireless connector system may instead be implemented in conjunction with the message server
2020 to enable wireless communications.

Fig. 22 is a block diagram of another alternative communication system. The system includes
a computer system 2002, WAN 2004, a corporate LAN 2009 located behind a security firewall
2008, an access gateway 2080, data store 2082, wireless networks 2084 and 2086, and mobile
devices 2088 and 2090. In the LAN 2009, the computer system 2002, WAN 2004, security firewall
2008, message server 2020, data store 2017, mailboxes 2019, desktop computer system 2022,
physical connection 2024, interface or connector 2026 and VPN router 2035 are substantially
the same as the corresponding components described above. The access gateway 2080 and data
store 2082 provide mobile devices 2088 and 2090 with access to data items stored at the LAN
2009. In Fig. 22, a wireless connector system 2078 operates on or in conjunction with the
message server 2020, although a wireless connector system may instead operate on or in
conjunction with one or more desktop computer systems in the LAN 2009.

The wireless connector system 2078 provides for transfer of data items stored at the LAN
2009 to one or more mobile devices 2088, 2090. These data items preferably include e-mail
messages stored in mailboxes 2019 in the data store 2017, as well as possibly other items
stored in the data store 2017 or another network data store or a local data store of a
computer system such as 2022.
As described above, an e-mail message 2033 addressed to one or more recipients having an
account on the message server 2020 and received by the message server 2020 may be stored
into the mailbox 2019 of each such recipient. In the system of Fig. 22, the external data
store 2082 preferably has a similar structure to, and remains synchronized with, the data
store 2017. PIM information or data stored at data store 2082 preferably is independently
modifiable to the PIM information or data stored at the host system. In this particular
configuration, the independently modifiable information at the external data store 2082 may
maintain synchronization of a plurality of data stores associated with a user (i.e., data on
a mobile device, data on a personal computer at home, data at the corporate LAN, etc.). This
synchronization may be accomplished, for example, through updates sent to the data store 2082
by the wireless connector system 2078 at certain time intervals, each time an entry in the
data store 2017 is added or changed, at certain times of day, or when initiated at the LAN
2009, by the message server 2020 or a computer system 2022, at the data store 2082, or
possibly by a mobile device 2088, 2090 through the access gateway 2080. In the case of the
e-mail message 2033 for example, an update sent to the data store 2082 some time after the
e-mail message 2033 is received may indicate that the message 2033 has been stored in a
certain mailbox 2019 in the store 2017, and a copy of the e-mail message will be stored to a
corresponding storage area in the data store 2082. When the e-mail message 2033 has been
stored in the mailboxes 2019 corresponding to the mobile devices 2088 and 2090 for example,
one or more copies of the e-mail message, indicated at 2092 and 2094 in Fig. 22, will be sent
to and stored in corresponding storage areas or mailboxes in the data store 2082. As shown,
updates or copies of stored information in the data store 2017 may be sent to the data store
2082 via a connection to the WAN 2004 or the VPN router 2035. For example, the wireless
connector system 2078 may post updates or stored information to a resource in the data store
2082 via an HTTP post request. Alternatively, a secure protocol such as HTTPS or Secure
Sockets Layer (SSL) may be used. Those skilled in the art will appreciate that a single copy
of a data item stored in more than one location in a data store at the LAN 2009 may instead
be sent to the data store 2082. This copy of the data item could then be stored either in
more than one corresponding location in the data store 2082, or a single copy may be stored
in the data store 2082, with a pointer or other identifier of the stored data item being
stored in each corresponding location in the data store 2082.

CA 02450601 2003-12-12
WO 02/101605 PCT/CA02/00889

The access gateway 2080 is effectively an access platform, in that it provides mobile devices
2088 and 2090 with access to the data store 2082. The data store 2082 may be configured as a
resource accessible on the WAN 2004, and the access gateway 2080 may be an ISP system or WAP
gateway through which mobile devices 2088 and 2090 may connect to the WAN 2004. A WAP browser
or other browser compatible with the wireless networks 2084 and 2086 may then be used to
access the data store 2082, which is synchronized with the data store 2017, and download
stored data items either automatically or responsive to a request from a mobile device 2088,
2090. As shown at 2096 and 2098, copies of the e-mail message 2033, which was stored in the
data store 2017, may be sent to the mobile devices 2088 and 2090. A data store (not shown) on
each mobile device 2088, 2090 may thereby be synchronized with a portion, such as a mailbox
2019, of a data store 2017 on a corporate LAN 2009. Changes to a mobile device data store
may similarly be reflected in the data stores 2082 and 2017.
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WHAT' IS a-AlMED AS IHE INVENTION IS: 

1., A miithod of leducmg ths size of an enciypted massage at a host sysi&xn before the 
message is tansmitted to a wineiess mobile comraimication device, tbe mefliod coniprisi»g 
the Steps of; 

(a) leceivipg at fbe host systsm aa encrypted message from a message sendesr 
addressed to ftst and second message receivers, the encaypced lusssage including tsn 
encrypted message body and an eBctypted session key ibr each of the message receivers: 

Cb> genetating at the host system a first reduced size encrypted message tiiat contains 
die encrypted message body and tbe enciypted session Icey for the first message receiver, the 
first ledaced size encrypted message not including the encrypted session tey for the second 
message receiver; and 

(c) transtntttfng the fiist redvced size encrypted message to a wiieless mobil© 
coinraimicarioii device that corresponds to the first message roceivei; 

whsrean die encrypted sessions keys were encrypted via public ikeys diat are 
electror^ically available fiom diffei^nt campames ovei' a network to which the host system is 
connectBd. 

2. The method of claim 1, wherein the step of geneiating a first re^duced size encrypted 
message comptises the step of removing an encrypted session key other- shan the encrypted 
session key for the fijst message leodvet' in order to forro the fitst leduced sized encrypted 
ntessa^. 

3., I he method of claim 1, whereba the step of generating a jEiise leduced size encrypted 

message comprises the st&p of lemoviag all encrypted session keys other than the enciypted 
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session key for th& firsi message leceivei' m order lo form the firsi reduced size encrypted 

message.. 

4. Tl2c m&thod of qiaim 3, whsrein the st^ of genesrating a fest reduced size CTcrypted 
message comprises the step of lemoving a message leceiver iufonnadon field of the message 
which maps each encrypted session key to a ixiessage recipient 

5. The method of claim 1, wherein:

the receiving step (a) comprises the step of receiving at the host system an encrypted message from a message sender addressed to a plurality of message receivers, the encrypted message including an encrypted message body and an encrypted session key for each message receiver;

the method further comprises the step of determining whether any of the message receivers has a corresponding wireless mobile communication device;

the generating step (b) comprises the step of, for each message receiver that has a corresponding wireless mobile communication device, generating a reduced size encrypted message containing the encrypted message body and the encrypted session key only for the message receiver; and

the transmitting step (c) comprises the step of transmitting the reduced size encrypted message to the wireless mobile communication device.

6. The method of claim 5, wherein a single address is shared by a message receiver and a corresponding wireless mobile communication device.
7. The method of claim 5, wherein each encrypted session key is encrypted using a public key of a message receiver, and a message receiver and a corresponding wireless mobile communication device share the public key and an associated private key.

8. The method of claim 1, wherein the encrypted message is a message that has been signed and then encrypted, and further includes an encrypted digital signature; and

the step of generating a first reduced size encrypted message comprises the step of generating a reduced size encrypted message containing the encrypted message body, the encrypted digital signature and the encrypted session key for the first message receiver.

9. The method of claim 8, wherein:

the encrypted message further comprises encrypted signature-related information; and

the step of generating a first reduced size encrypted message comprises the step of generating a reduced size encrypted message containing the encrypted message body, the encrypted digital signature, the encrypted signature-related information and the encrypted session key for the first message receiver.

10. The method of claim 1, wherein the encrypted message is a Secure Multipurpose Internet Mail Extensions (S/MIME) e-mail message.

11. The method of claim 1, wherein the encrypted message is encrypted according to Pretty Good Privacy (PGP), and wherein a second encrypted message is handled by the host system for transmission to the wireless mobile communication device, wherein the second encrypted message is a Secure Multipurpose Internet Mail Extensions (S/MIME) e-mail message.

CA 02450601 2003-12-12
RESEARCH IN MOTION




12. A first reduced size encrypted message generated in accordance with the method of claim 1.

13. A system for reducing the size of an encrypted message for transmission to a wireless mobile communication device, the system comprising:

a host system configured to receive an encrypted message from a message sender and addressed to message receivers, the encrypted message including an encrypted message body and an encrypted session key for each message receiver; and

a wireless connector system associated with the host system and configured to determine whether any of the message receivers has a corresponding wireless mobile communication device and if so, for each message receiver that has a corresponding wireless mobile communication device, to generate a reduced size encrypted message containing the message body and the encrypted session key only for the message receiver and to transmit the reduced size encrypted message to the wireless mobile communication device, wherein at least two of the encrypted session keys for the message receivers were encrypted via public keys that are electronically available from different companies over a network to which the host system is connected.

14. The system of claim 13, wherein the host system comprises a message server system.

15. The system of claim 14, wherein the message server system is implemented in a secure network behind a network security firewall.
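The reduction described in method claims 1 to 9 and restated in system claim 13, as an added worked example in Python (it is not part of this application and not code of the applicant): the host takes a multi-recipient encrypted envelope, keeps the encrypted body (the signed-then-encrypted case of claim 8 is modelled with the encrypted signature carried inside that body blob) together with exactly one wrapped session key, drops the receiver-mapping field (claim 4), and does this once for each receiver that has a device (claims 5 and 13). Everything concrete here is an assumption made for illustration: the wrapped session keys are opaque placeholder bytes standing in for RSA-wrapped keys, which the host never unwraps; the wire format is a simple length-prefixed encoding used only to compare sizes; and the device registry is a constructed set of addresses.

```python
"""Added example (not part of the patent): reduce a multi-recipient encrypted
envelope to a single-recipient form for a mobile device, as the claims describe.
The host never decrypts anything: it only drops the other receivers' wrapped keys.
RSA key wrapping is simulated with opaque placeholder bytes (an assumption)."""
import hashlib
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class RecipientInfo:
    """One wrapped session key plus the field mapping it to a receiver (claim 4)."""
    address: str
    encrypted_session_key: bytes


@dataclass(frozen=True)
class EncryptedMessage:
    """What the host receives: one encrypted body (which may already contain an
    encrypted signature, claim 8) and one wrapped session key per receiver."""
    sender: str
    encrypted_body: bytes
    recipient_infos: tuple  # of RecipientInfo


@dataclass(frozen=True)
class ReducedMessage:
    """What goes over the air: the same body and exactly one wrapped key, with
    the receiver-mapping field removed."""
    sender: str
    encrypted_body: bytes
    encrypted_session_key: bytes


def _blob(tag: str, size: int) -> bytes:
    """Constructed placeholder ciphertext: deterministic, opaque, fixed size."""
    out = b""
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(f"{tag}:{counter}".encode()).digest()
        counter += 1
    return out[:size]


def encode(msg) -> bytes:
    """Assumed length-prefixed wire form, so sizes can be compared honestly."""
    parts = [msg.sender.encode(), msg.encrypted_body]
    if isinstance(msg, EncryptedMessage):
        for ri in msg.recipient_infos:
            parts.append(ri.address.encode())
            parts.append(ri.encrypted_session_key)
    else:
        parts.append(msg.encrypted_session_key)
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def reduce_for(msg: EncryptedMessage, address: str) -> ReducedMessage:
    """Keep the body and only this receiver's wrapped key (claims 1 to 4)."""
    matches = [ri for ri in msg.recipient_infos if ri.address == address]
    if len(matches) != 1:
        raise ValueError(f"expected one wrapped key for {address}, got {len(matches)}")
    return ReducedMessage(msg.sender, msg.encrypted_body, matches[0].encrypted_session_key)


def route_to_devices(msg: EncryptedMessage, has_device) -> dict:
    """Claims 5 and 13: one reduced message per receiver that has a device.
    `has_device` is an assumed lookup (address -> bool); the receiver and its
    device share a single address (claim 6)."""
    return {
        ri.address: reduce_for(msg, ri.address)
        for ri in msg.recipient_infos
        if has_device(ri.address)
    }


def leaks_foreign_keys(reduced: ReducedMessage, original: EncryptedMessage, address: str) -> bool:
    """Check worth running before transmit: no other receiver's wrapped key may
    survive in the bytes sent to this device."""
    wire = encode(reduced)
    return any(
        ri.encrypted_session_key in wire
        for ri in original.recipient_infos
        if ri.address != address
    )


# Constructed sample: a 4000-byte signed-then-encrypted body and three receivers
# whose wrapped keys are 256 bytes each, the size of an RSA-2048 wrap.
RECEIVERS = ("alice@example.com", "bob@example.org", "carol@example.net")
SAMPLE = EncryptedMessage(
    sender="sender@example.com",
    encrypted_body=_blob("body+signature", 4000),
    recipient_infos=tuple(RecipientInfo(a, _blob(f"wrap:{a}", 256)) for a in RECEIVERS),
)
DEVICE_REGISTRY = {"alice@example.com", "carol@example.net"}  # assumed; bob has no device

if __name__ == "__main__":
    for addr, reduced in route_to_devices(SAMPLE, DEVICE_REGISTRY.__contains__).items():
        status = "LEAK" if leaks_foreign_keys(reduced, SAMPLE, addr) else "clean"
        print(f"{addr}: {len(encode(SAMPLE))} -> {len(encode(reduced))} bytes, {status}")
```

The point the check enforces is that the relay works on ciphertext only: after reduction none of the other receivers' wrapped keys are present in what reaches the device, and the device decrypts with the same private key the message receiver holds (claim 7). Because the mapping field is gone, the device must treat the single remaining key as its own, which is only safe when the host's address-to-device association (claims 6 and 20) is correct.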






16. The system of claim 13, wherein the host system comprises a desktop computer system or a laptop computer system.

17. The system of claim 13, wherein a network operator infrastructure enables wireless information exchange between the host system and wireless mobile communication devices.

18. A system for reducing the size of an encrypted message at a host system before the message is transmitted to a wireless mobile communication device, said system comprising:

means for receiving at the host system an encrypted message from a message sender addressed to first and second message receivers, the encrypted message including an encrypted message body and an encrypted session key for each of the message receivers;

means for generating at the host system a first reduced size encrypted message that contains the encrypted message body and the encrypted session key for the first message receiver, the first reduced size encrypted message not including the encrypted session key for the second message receiver; and

means for transmitting the first reduced size encrypted message to a wireless mobile communication device that corresponds to the first message receiver;

wherein the encrypted session keys were encrypted via public keys that are electronically available from different companies over a network to which the host system is connected, and

wherein different electronic security messaging approaches are used to encrypt messages sent to the host system.

19. A wireless device comprising memory for storing a first reduced size encrypted message, wherein the first reduced size encrypted message was generated by a remote system based upon an encrypted message provided to the remote system from a message sender, said encrypted message from the message sender having contained addresses to first and second message receivers, the sender's encrypted message including an encrypted message body and an encrypted session key for each of the message receivers;

wherein the first reduced size encrypted message contains the encrypted message body and the encrypted session key for the first message receiver, the first reduced size encrypted message sent by the remote system to the wireless device not including the encrypted session key for the second message receiver, wherein the encrypted session keys were encrypted via public keys that are electronically available from different companies over a network to which the host system is connected.

20. The wireless device of claim 19, wherein the wireless device has an association with the first message receiver, said association indicating that the wireless device is to receive messages sent to the first message receiver.

21. The wireless device of claim 19, wherein the remote system comprises host system means.

22. The wireless device of claim 19, wherein the host system means comprises wireless connection system means.

23. A computer data signal embodied in a carrier wave comprising a first reduced size encrypted message, wherein the first reduced size encrypted message was generated by a remote system based upon an encrypted message provided to the remote system from a message sender, said encrypted message from the message sender having contained addresses to first and second message receivers, the sender's encrypted message including an encrypted message body and an encrypted session key for each of the message receivers;

wherein the first reduced size encrypted message contains the encrypted message body and the encrypted session key for the first message receiver, the first reduced size encrypted message sent by the remote system to the wireless device not including the encrypted session key for the second message receiver, wherein the encrypted session keys were encrypted via public keys that are electronically available from different companies over a network to which the host system is connected.

24. A method of processing an encoded message at a host system before the message is transmitted to a wireless mobile communication device, the method comprising the steps of:

receiving at the host system the encoded message from a message sender addressed to a plurality of message receivers;

wherein at least portions of the encoded message were encoded via electronic asymmetric security keys that are electronically available from different companies over a network to which the host system is connected;

determining whether any of the message receivers has a corresponding wireless mobile communication device; and

for each message receiver that has a corresponding wireless mobile communication device:

processing the message so as to modify the message with respect to an encoding aspect, said encoding aspect being selected from the group consisting of an encryption aspect, an authentication aspect, and combinations thereof; and

transmitting the processed message to the corresponding wireless mobile communication device.